manualshive.com logo in svg

Planet Networking & Communication SGSD-1022, User Manual, Page: 103 / 688

Share
Download
Planet Networking & Communication SGSD-1022 User Manual Download Page 103

User’s Manual of SGSD-1022 / SGSD-1022P 

SGSW-2840 / SGSW-2840P 

 

 

103

4.3.3.3 SNMPv3 Users 

Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a 

group. The SNMPv3 group restricts users to a specific read, write, and notify view.   

 

Figure 4-3-6

 SNMPv3 Users page screenshot 

 

The page includes the following fields: 

Object 

Description 

 

User Name 

The name of user connecting to the SNMP agent.   

(Range: 1-32 characters) 

 

Group Name 

The name of the SNMP group to which the user is assigned.   

(Range: 1-32 characters) 

 

Model 

The user security model; SNMP v1, v2c or v3. 

The security level used for the user:   

-

noAuthNoPriv

There is no authentication or encryption used in SNMP 

communications.  

(This is the default for SNMPv3.) 

-

AuthNoPriv

 

SNMP communications use authentication, but the data is not 

encrypted (only available for the SNMPv3 security model). 

 

Level 

-

AuthPriv

 

SNMP communications use both authentication and 

encryption (only available for the SNMPv3 security model). 

 

Authentication 

The method used for user authentication. 

Options: 

MD5, SHA 

Default: 

MD5

 

 

Authentication 

Password 

A minimum of eight plain text characters is required. 

 

Privacy Protocol 

The encryption algorithm use for data privacy; only 56-bit DES is currently 

available. 

 

Privacy Password 

A minimum of eight plain text characters is required. 

 

Actions 

Enables the user to be assigned to another SNMPv3 group. 

Summary of Contents for SGSD-1022

Page 1: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 1 User s Manual SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P Layer 2 Managed Switches ...

Page 2: ...reciate your comments and suggestions FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy a...

Page 3: ...anel 30 2 1 2 LED Indications 31 2 1 3 Switch Rear Panel 35 2 2 Install the Switch 38 2 2 1 Desktop Installation 38 2 2 2 Rack Mounting 39 2 2 3 Installing the SFP transceiver 41 3 SWITCH MANAGEMENT 43 3 1 Requirements 43 3 2 Management Access Overview 44 3 3 Administration Console 44 3 4 Web Management 46 3 5 SNMP Based Network Management 46 3 6 Protocols 47 3 6 1 Virtual Terminal Protocols 47 3 ...

Page 4: ... Log Messages 74 4 2 8 4 SMTP E Mail Alert 75 4 2 9 UPNP 77 UPnP Configuration 77 4 2 10 Reset 78 4 2 11 SNTP 79 4 2 11 1 SNTP Configuration 79 4 2 11 2 Clock Time Zone 80 4 2 12 LLDP 81 4 2 12 1 LLDP Configuration 81 4 2 12 2 LLDP Port Configuration 83 4 2 12 3 LLDP Trunk Configuration 86 4 2 12 4 LLDP Local Device Information 89 4 2 12 5 Remote Port Information 91 4 2 12 6 LLDP Remote Informatio...

Page 5: ... 4 5 Link Aggregation 129 4 5 1 Trunk Information 130 4 5 2 Trunk Configuration 130 4 5 3 Trunk Broadcast Control 132 4 5 4 Trunk Membership 133 4 5 5 LACP 136 4 5 5 1 LACP Configuration 137 4 5 5 2 LACP Aggregation Port 138 4 5 5 3 Displaying LACP Port Counters 141 4 5 5 4 Displaying LACP Settings and Status for the Local Side 141 4 5 5 5 Displaying LACP Status for the Remote Side 143 4 6 Address...

Page 6: ...te VLAN Association 197 4 8 3 4 Private VLAN Port Information 198 4 8 3 5 Private VLAN Port Configuration 199 4 8 4 Protocol VLAN 201 4 8 4 1 Protocol VLAN Configuration 202 4 8 4 2 Protocol VLAN Port Configuration 203 4 9 Multicast 205 4 9 1 1 IGMP Configuration 206 4 9 1 2 IGMP Immediate Leave 208 4 9 1 3 Multicast Router Port Information 209 4 9 1 4 Static Multicast Router Port Configuration 21...

Page 7: ...Priority Status 236 4 10 2 9 IP TOS Priority 237 4 10 2 10 Mapping IP Port Priority 237 4 10 2 11 IP Port Priority Status 238 4 10 2 12 IP Port Priority 239 4 10 2 13 Mapping CoS Values to ACLs 239 4 10 2 14 ACL CoS Priority 240 4 10 3 DiffServ 241 Configuring Quality of Service Parameters 241 4 10 3 1 Configuring a DiffServ Class Map 242 4 10 3 2 Policy Map 245 4 10 3 3 Service Policy 249 4 10 4 ...

Page 8: ... IEEE 802 1X Port Based Authentication 280 4 11 8 2 Displaying 802 1X Information 283 4 11 8 3 802 1X Configuration 283 4 11 8 4 802 1X Port Configuration 284 4 11 8 5 Displaying 802 1X Statistics 286 4 11 8 6 Windows Platform RADIUS Server Configuration 287 4 11 8 7 802 1X Client Configuration 289 4 11 9 Client Security 292 4 11 10 Port Security 293 4 11 11 Web Authentication 296 4 11 11 1 Web Au...

Page 9: ... 4 12 1 Cluster Configuration 330 4 12 2 Cluster Member Configuration 332 4 12 3 Cluster Member Information 332 4 12 4 Cluster Candidate Information 333 4 13 Power Over Ethernet SGSD 1022P SGSW 2840P 335 4 13 1 Power over Ethernet Powered Device 335 4 13 2 Power Management 336 5 COMMAND LINE INTERFACE 339 5 1 Using the Command Line Interface 339 5 1 1 Accessing the CLI 339 5 1 2 Console Connection...

Page 10: ... 2 Banner Information Commands 356 banner configure 356 banner configure company 358 banner configure dc power info 358 banner configure department 359 banner configure equipment info 359 banner configure equipment location 360 banner configure ip lan 361 banner configure lp number 361 banner configure manager info 362 banner configure mux 363 banner configure note 363 show banner 364 5 5 3 System...

Page 11: ...385 speed 386 stopbits 386 disconnect 387 show line 387 5 7 Event Logging Commands 388 logging on 388 logging history 389 logging host 390 logging facility 391 logging trap 391 clear log 392 show logging 392 show log 394 5 8 SMTP Alert Commands 395 logging sendmail host 395 logging sendmail level 396 logging sendmail source email 396 logging sendmail destination email 397 logging sendmail 397 show...

Page 12: ... snmp server 409 show snmp 409 snmp server community 410 snmp server contact 411 Related Commands 411 snmp server host 412 snmp server enable traps 414 snmp server engine id 415 show snmp engine id 415 snmp server view 416 show snmp view 417 snmp server group 418 show snmp group 419 snmp server user 420 show snmp user 422 5 12 Authentication Commands 423 5 12 1 User Account Commands 423 username 4...

Page 13: ...p server 436 server 437 aaa accounting dot1x 437 aaa accounting exec 438 aaa accounting commands 439 aaa accounting update 440 accounting dot1x 440 accounting exec 441 accounting commands 441 aaa authorization exec 442 authorization exec 443 show accounting 443 5 12 6 Web Server Commands 445 ip http port 445 ip http server 445 ip http secure server 446 ip http secure port 447 5 12 7 Telnet Server ...

Page 14: ...dot1x 466 5 12 10 Management IP Filter Commands 468 management 468 show management 469 5 13 Client Security Commands 470 5 13 1 Port Security Commands 471 port security 471 5 13 2 Network Access MAC Address Authentication 472 network access mode 473 network access max mac count 474 mac authentication intrusion action 474 mac authentication max mac count 475 network access dynamic vlan 475 network ...

Page 15: ... show ip dhcp snooping binding 492 5 13 5 IP Source Guard Commands 492 ip source guard 493 ip source guard binding 494 show ip source guard 495 show ip source guard binding 496 5 14 Access Control List Commands 496 5 14 1 IP ACLs 497 access list ip 497 permit deny Standard ACL 498 permit deny Extended ACL 499 show ip access list 501 ip access group 502 show ip access group 502 map access list ip 5...

Page 16: ...2 5 16 Link Aggregation Commands 524 channel group 525 lacp 525 lacp system priority 527 lacp admin key Ethernet Interface 528 lacp admin key Port Channel 529 lacp port priority 529 show lacp 530 5 17 Mirror Port Commands 535 port monitor 535 show port monitor 536 5 18 Rate Limit Commands 536 rate limit 537 5 19 Address Table Commands 537 mac address table static 538 clear mac address table dynami...

Page 17: ...ge port 554 spanning tree portfast 554 spanning tree link type 555 spanning tree mst cost 556 spanning tree mst port priority 557 spanning tree protocol migration 558 show spanning tree 558 show spanning tree mst configuration 560 5 21 VLAN Commands 562 5 21 1 GVRP and Bridge Extension Commands 562 bridge ext gvrp 563 show bridge ext 563 switchport gvrp 564 show gvrp configuration 564 garp timer 5...

Page 18: ... 584 switchport private vlan mapping 584 show private vlan 585 5 21 7 Configuring Protocol based VLANs 586 protocol vlan protocol group Configuring Groups 586 protocol vlan protocol group Configuring Interfaces 587 show protocol vlan protocol group 588 show interfaces protocol group 589 5 21 8 Configuring Voice VLANs 590 voice vlan 590 voice vlan aging 591 voice vlan mac address 591 switchport voi...

Page 19: ...tlv max frame 609 lldp dot3 tlv poe 610 lldp medtlv extpoe 610 lldp medtlv inventory 611 lldp medtlv location 611 lldp medtlv med cap 612 lldp medtlv network policy 613 show lldp config 613 show lldp info local device 615 show lldp info remote device 616 show lldp info statistics 616 5 23 Class of Service Commands 618 5 23 1 Priority Commands Layer 2 618 queue mode 618 switchport priority default ...

Page 20: ... igmp snooping vlan static 642 ip igmp snooping version 642 ip igmp snooping leave proxy 643 ip igmp snooping immediate leave 644 show ip igmp snooping 644 show mac address table multicast 645 5 25 2 IGMP Query Commands Layer 2 646 ip igmp snooping querier 646 ip igmp snooping query count 647 ip igmp snooping query interval 647 ip igmp snooping query max response time 648 5 25 3 Static Multicast R...

Page 21: ...s 664 ip default gateway 665 ip dhcp restart 666 show ip interface 666 show ip redirects 667 ping 667 6 CLI CONFIGURATION To be Continued 669 System 669 System Information 669 Switch Information 670 Display Bridge Extension Capabilities 670 IP Address Configuration 671 Manual IP Configuration 671 Using DHCP BOOTP 671 Sending Simple Mail Transfer Protocol Alerts 671 Setting the System Clock 672 Set...

Page 22: ...PoE 675 The PoE Provision Process 677 Stages of powering up a PoE link 677 Line Detection 677 Classification 678 Start up 678 Operation 678 Power Disconnection Scenarios 678 9 TROUBLE SHOOTING 680 APPENDEX A 681 A 1 Switch s RJ 45 Pin Assignments 681 A 2 10 100Mbps 10 100Base TX 681 APPENDEX B GLOSSARY 683 ...

Page 23: ...e box should contain the following items Check the contents of your package for following parts The Managed Switch x1 User s manual CD x1 Quick installation guide x1 19 Rack mount accessory kit x1 Power cord x1 Rubber feet X4 RS 232 DB9 male Console cable x1 If any of these are missing or damaged please contact your dealer immediately if possible retain the carton including the original packing ma...

Page 24: ...single IP address instead of connecting and setting each unit one by one For efficient management the SGSx series Managed Ethernet Switch is equipped with console WEB and SNMP management interfaces With its built in Web based management it offers an easy to use platform independent management and configuration facility It supports standard Simple Network Management Protocol SNMP and can be managed...

Page 25: ... explains how to does the switch operation of the Managed Switch Section 8 POWER OVER ETHERNET OVERVIEW The chapter introduce the IEEE 802 3af PoE standard and PoE provision of the Managed Switch Section 9 TROUBSHOOTING The chapter explains how to trouble shooting of the Managed Switch Appendix A The section contains cable information of the Managed Switch 1 4 Product Features Physical Ports SGSD ...

Page 26: ...liminate erroneous packets to optimize the network bandwidth 8K MAC address table automatic source address learning and ageing 2Mbit embedded memory for packet buffers Support VLANs IEEE 802 1Q tag based VLAN IEEE 802 1v Protocol based VLAN Q in Q tunneling GVRP protocol for VLAN Management Up to 255 VLANs groups out of 4041 VLAN IDs Private VLAN Edge PVE supported Support Link Aggregation up to 1...

Page 27: ...3 switch management SSH v1 v2 switch management SSL v3 TLS v1 switch management IP Stacking management up to 36 units Accesses through SNMPv1 v2c and v3 security set and get requests Four groups history statistics alarms and events of embedded remote monitoring RMON agents for network monitoring and traffic analysis Built in Trivial File Transfer Protocol TFTP client Power over Ethernet SGSD 1022P...

Page 28: ...onsumption Max 10 5 watts 32 6 BTU Max 130 watts 443 BTU Max 20 watts 68 5 BTU Max 260 watts 887 BTU Dimensions W x D x H 330 x 155 x 43 5mm 1U height 330 x 155 x 43 5mm 1U height 430 x 178 x 44 5mm 1U height 440 x 265 x 44mm 1U height Weight 1 3kg 2 0kg 2 8 KG 3 0kg 5 87 kg Power AC 100 240V 50 60Hz AC 100 240V 50 60Hz AC 100 240V 50 60Hz DC 30 60V AC 100 240V 50 60Hz Layer 2 Function Management ...

Page 29: ...wer Pin Assignment 1 2 3 6 1 2 3 6 PoE Power Budget 110 Watts 230 Watts Standards Conformance Regulation Compliance FCC Part 15 Class A CE Standards Compliance IEEE 802 3 IEEE 802 3u IEEE 802 3z IEEE 802 3ab IEEE 802 3x IEEE 802 3ad IEEE 802 1d IEEE 802 1w IEEE 802 1s IEEE 802 1p IEEE 802 1Q IEEE 802 1v IEEE 802 1x IEEE 802 3af 10Base T 100Base TX 1000Base SX LX 1000Base T Flow Control and Back pr...

Page 30: ... display the unit LED indicators Before connecting any network device to the switch please read this chapter completely 2 1 Hardware Description 2 1 1 Switch Front Panel The unit front panel provides a simple interface monitoring the switch Figure 2 1 to 2 4 shows the front panel of the Managed Switches SGSD 1022 Front Panel Figure 2 1 SGSD 1022 front panel SGSD 1022P Front Panel Figure 2 2 SGSD 1...

Page 31: ... any terminal emulation program Hyper Terminal ProComm Plus Telix Winterm and so on to enter the statup screen of the device 2 1 2 LED Indications The front panel LEDs indicates instant status of port links data activity system operation PoE in use status and system power helps monitor and troubleshoot when needed SGSD 1022 LED indication Figure 2 5 SGSD 1022 LED panel System LED Color Function PW...

Page 32: ...t the switch is actively sending or receiving data over that port 10 100 LNK ACT Orange Off If 1000 LNK ACT LED light indicate that the port is operating at 1000Mbps If 1000 LNK ACT LED Off indicate that the port is link down SGSD 1022P LED indication Figure 2 6 SGSD 1022P LED panel System LED Color Function PWR Green Lights to indicate that the Switch is powered on Blink to indicate the System is...

Page 33: ...t port 10 100 LNK ACT Orange Off If 1000 LNK ACT LED light indicate that the port is operating at 1000Mbps If 1000 LNK ACT LED Off indicate that the port is link down SGSW 2840 SGSW 2840R LED indication Figure 2 7 SGSW 2840 LED panel System LED Color Function PWR Green Lights to indicate that the Switch is powered on Blink to indicate the System is running under booting procedure 10 100Base TX int...

Page 34: ...e that the port is operating at 1000Mbps If 1000 LNK ACT LED Off indicate that the port is link down SGSW 2840P LED indication Figure 2 8 SGSW 2840P LED panel System LED Color Function PWR Green Lights to indicate that the Switch is powered on Blink to indicate the System is running under booting procedure PWR Alert Green Lights to indicate that the power supply failure FAN1 Alert Green Lights to ...

Page 35: ...ghts To indicate the link through that port is successfully established with speed 10Mbps or 100Mbps Blink To indicate that the switch is actively sending or receiving data over that port 10 100 LNK ACT Orange Off If 1000 LNK ACT LED light indicate that the port is operating at 1000Mbps If 1000 LNK ACT LED Off indicate that the port is link down 2 1 3 Switch Rear Panel The rear panel of the Manage...

Page 36: ...panel of SGSW 2840 SGSW 2840P Rear Panel Figure 2 14 Rear panel of SGSW 2840P Power Receptacle For compatibility with electric service in most areas of the world the WGS3 Layer 3 Switch s power supply automatically adjusts to line power in the range 100 240VAC and 50 60 Hz Plug the female end of the power cord firmly into the receptalbe on the rear panel of the Switch Plug the other end of the ...

Page 37: ... it will not work till it is powered If your networks should active all the time please consider using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime In some area installing a surge suppression device may also help to protect your Managed Switch from being damaged by unregulated surge or current to the Switch or the power adapter ...

Page 38: ...sktop Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Managed Switch to network devices Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Managed Switch Connect the ot...

Page 39: ... package Figure 2 16 and 2 17 shows how to attach brackets to one side of the Managed Switch Figure 2 16 Attach brackets to the Managed Switch Figure 2 17 Attach brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty Step3 Secure the brackets tightly Step4 Follow the same steps to...

Page 40: ... SGSW 2840P 40 Figure 2 18 Mounting SGSD 1022 in a Rack Figure 2 19 Mounting SGSW 2840 in a Rack Step6 Proceeds with the steps 4 and steps 5 of session 2 2 1 Desktop Installation to connect the network cabling and supply power to the Managed Switch ...

Page 41: ...at the time of publication MGB SX SFP 1000BASE SX SFP transceiver MGB LX SFP 1000BASE LX SFP transceiver It recommends using PLANET SFPs on the Managed Switch If you insert a SFP transceiver that is not supported the Managed Switch will not recognize it Before connect the other Managed Switches workstation or Media Converter 1 Make sure both side of the SFP transceiver are with the same media type...

Page 42: ... works with some fiber NICs or Media Converters set the Link mode to 1000 Force is needed Remove the transceiver module 1 Make sure there is no network activity by consult or check with the network administrator Or through the management interface of the switch converter if available to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Turn the handle of the MGB module to horizon...

Page 43: ...Management Access Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows 98 ME NT4 0 2000 XP MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connect Terminal Above PC with COM...

Page 44: ... all popular browsers Can be accessed from any location Most visually appealing Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor connections SNMP Agent Communicates with switch functions at the MIB level Based on open standards Requires SNMP manager software Least visually appealing of all three methods Some settings require calculat...

Page 45: ...e terminal emulation program to use the following parameters The default parameters are 9600 bps 8 data bits No parity 1 stop bit Figure 3 2 Terminal parameter settings You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial po...

Page 46: ...orer 6 0 or later Safari or Mozilla Firefox 1 5 or later Figure 3 3 Web management 3 5 SNMP Based Network Management You can use an external SNMP based application to configure and manage the Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to u...

Page 47: ...twork Management Protocol SNMP is the standard management protocol for multi vendor IP networks SNMP supports transaction based queries that allow the protocol to format messages and to transmit information between reporting devices and data collection programs SNMP runs on top of the User Datagram Protocol UDP offering a connectionless mode service 3 6 3 Management Architecture All of the managem...

Page 48: ... not allow Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the SGSD SGSW Managed Switch is 192 168 0 100 then the manager PC...

Page 49: ...ss as following http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User name admin Default Password admin After entering the username and password the main sc...

Page 50: ...and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 6 0 or above to access Managed Switch 2 The changed IP address take effect immediately after click on the Apply button you need to use the new IP address to access the Web interface 3 The changed IP address remains the original after reboot the switch unless the configuration is saved To save the changed IP addr...

Page 51: ... refresh be sure that Internet Explorer is configured so that the setting Check for newer versions of stored pages reads Every visit to the page Internet Explorer 6 x and earlier This option is available under the menu Tools Internet Options General Temporary Internet Files Settings Internet Explorer 7 x This option is available under Tools Internet Options General Browsing History Settings Tempor...

Page 52: ...s The following table briefly describes the selections available from this program Via the Web Management the administrator can setup the Managed Switch by select the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 SGSD SGSW Managed Switch Main Funcrions Menu Configuration Options Configurable parameters have a dialog box or a drop down list Once a confi...

Page 53: ...er s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 53 The following Main functions can be configured here System SNMP Port Management Address Table Spanning Tree VLAN Multicast QoS Security Cluster ...

Page 54: ...eters IP Configuration Sets the IP address for management access Jumbo Frames Enables jumbo frame packets Copy Operation Allows the transfer and copying files Delete Allows deletion of files from the flash memory File Management Set Start Up Sets the startup file Line Sets console port and telnet connection parameters Logs Stores and displays error messages System Logs Sends error messages to a lo...

Page 55: ...ect Description System Name Enter the name you want to use to identify this switch You may use up to 31 alpha numeric characters The factory default is blank Object ID The base object ID for the Managed Switch s enterprise MIB Location Enter the location of this Managed Switch You may use up to 31 alpha numeric characters The factory default is blank Contact Enter the contact person for this switc...

Page 56: ...mation screenshot The page includes the following fields Main Board Object Description Serial Number The serial number of the Managed Switch Number of Ports Number of built in RJ 45 ports The default value of each model as below SGSD 1022 SGSD 1022P 10 SGSW 2840 SGSW 2840P 28 Hardware Version Hardware version of the main board Management Software Object Description Loader Version Version number of...

Page 57: ...ed on GMRP GARP Multicast Registration Protocol Traffic Classes This Managed Switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration VLAN Learning This Managed Switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This Managed Switch allows you to override the default Port VLAN...

Page 58: ... Configuration screenshot Object Description Management VLAN ID of the configured VLAN 1 4094 This is the only VLAN through which you can manage the Managed Switch By default all ports on the Managed Switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whether IP fu...

Page 59: ...TP If your network provides DHCP BOOTP services you can configure the Managed Switch to be dynamically configured by these services 1 Click System IP Configuration 2 Specify the VLAN to which the management station is attached set the IP Address Mode to DHCP or BOOTP 3 Click Apply to save your changes 4 Then click Restart DHCP to immediately request a new address The Managed Switch will also broad...

Page 60: ...tem file folder contains firmware and configuration settings This section has the following options Copy Operation Allows the transfer and copying files such as Downloading System Software from a Server Downloading Configuration Settings from a Server Saving Configuration Settings Restoring Configuration Settings Delete Allows deletion of files from the flash memory Set Start Up Sets the startup f...

Page 61: ...g config to tftp Copies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file fr...

Page 62: ...nfig to startup config as the file transfer method 3 Select the startup file name used for startup on the Managed Switch to overwrite or specify a new file name then click Apply Figure 4 2 7 Configuration saving screenshot You can also select any configuration file as the start up configuration by using the System File Management Set Start Up page 4 If you specify a new file name to startup config...

Page 63: ...System File Management Copy Operation 2 Select tftp to file as the file transfer method enter the IP address of the TFTP server 3 Set the file type to opcode enter the file name of the software to download select a file on the Managed Switch to overwrite or specify a new file name and click Apply 4 If you replaced the current firmware used for startup and want to start using the new operation code...

Page 64: ...ile name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Example 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file or you can specify the current startup configuration file as the...

Page 65: ...tch s settings 1 Click System File Management Copy Operation 2 Select running config to tftp or startup config to tftp as the file transfer method enter the IP address of the TFTP server 3 Enter a new file name for the configuration to upload and click Apply Figure 4 2 12 Upload system configuration screenshot 1 The file Factory_Default_Config cfg can be copied to the TFTP server but cannot be use...

Page 66: ...ystem File Management Delete 2 Select the file name from the given list by checking the tick box and click Apply Figure 4 2 13 File Delete screenshot The currently designated startup version cannot be deleted 4 2 6 3 Set Startup You can download a file under a new file name and then set it as the startup file or you can specify the current startup file as the destination file to directly replace i...

Page 67: ...ion file Startup Shows if this file is used when the system is started Size The length of the file in bytes If you download to a new file name using tftp to startup config the file is automatically set as the start up configuration file To use the new settings reboot the system via the Reset page The file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destina...

Page 68: ...Sets Telnet connection parameters 4 2 7 1 Console Port Settings Specify the console port connection parameters as required then click Apply The Console Port Settings screen in Figure 4 2 15 appears Figure 4 2 15 Console port settings screenshot The page includes the following fields Object Description Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login a...

Page 69: ...ded Range 0 65535 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Default 8 bits Parity Defines the generation of a parity bit Communication protocols provided by some terminals can require a specific parity ...

Page 70: ... Default Enabled Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Login Timeout Sets the interval that the system waits for a user to log into the Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 ...

Page 71: ...fy which levels are logged to RAM or flash memory Severe error messages that are logged to flash memory are permanently stored in the switch to assist in troubleshooting network problems Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure a...

Page 72: ... Flash Level 0 7 Limits log messages saved to the switch s permanent flash memory for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be logged to flash Range 0 7 Default 3 RAM Level 0 7 Limits log messages saved to the switch s temporary RAM memory for all levels up to the specified level For example if level 7 is specified all me...

Page 73: ...n the Host IP List and then click Remove The page includes the following fields Object Description Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Enabled Logging Facility Sets the facility type for remote logging of syslog messages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog ...

Page 74: ...emote server IP addresses that receive the syslog messages The maximum number of host IP addresses allowed is five Host IP Address Specifies a new server IP address to add to the Host IP List Host IP Address Syslog Server IP address 4 2 8 3 Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages The Managed Switch can store up to 2048 log entries in ...

Page 75: ...ess to the Server IP List type the new IP address in the Server IP Address box and then click Add 3 To delete an IP address click the entry in the Server IP List and then click Remove The page includes the following fields Object Description Admin Status Enables disables the SMTP function Default Disabled Email Source Address Sets the email address used for the From field in alert messages You may...

Page 76: ...ield and the Add Remove buttons to configure the list 1 The Managed Switch doesn t support DNS protocol to make the SMTP alert receiver to get the e mail send by the Managed Switch the correct SMTP Server s IP address has to be field in the Server List Check the correct IP address of the Mail Server before enter the field 2 It is recommended to send a test e mail to make sure you can receive the a...

Page 77: ...very message After a control point has retrieved a description of the device it can send actions to the devices service To do this a control point sends a suitable control message to the control URL for the service provided in the device description When a device is known to the control point periodic event notification messages are sent An UPnP description for a service includes a list of actions...

Page 78: ...tch The Managed Switch s configuration will not be saved automatically you have to save the configuration manually before system reboot 1 Click System Reset 2 Click the Reset button to reboot the Managed Switch 3 When prompted confirm that you want reset the switch Figure 4 2 23 Reset page screenshot Figure 4 2 24 Reset page screenshot When restarting the system it will always run the Power On Sel...

Page 79: ...naged Switch to send time synchronization requests to specific time servers i e client mode update its clock based on broadcasts from time servers or use both methods When both methods are enabled the Managed Switch will update its clock using information broadcast from time servers but will query the specified server s if a broadcast is not received with the polling interval Figure 4 2 25 SNTP Co...

Page 80: ...cal time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Figure 4 2 26 Clock Time Zone page screenshot The page includes the following fields Object Description Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes befor...

Page 81: ...ing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 2 12 1 LLDP Configuration Setting LLDP Timing Attributes Use...

Page 82: ...a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables Range 1 8192 seconds Default 2 seconds The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in each transmissi...

Page 83: ...D Fast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit during the activation process of the LLDP MED Fast Start mechanisim Range 1 10 packets Default 4 packets The MED Fast Start Count parameter is part of the timer which ensures that the LLDP MED Fast Start mechanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore int...

Page 84: ...t any lldpRemTablesChange notification events missed due to throttling or transmission loss TLV Type Configures the information included in the TLV field of advertised messages Port Description The port description is taken from the ifDescr object in RFC 2863 which includes information about the manufacturer the product name and the version of the interface hardware software System Description The...

Page 85: ...s Port Capabilities This option advertises LLDP MED TLV capabilities allowing Media Endpoint and Connectivity Devices to efficiently discover which LLDP MED related TLVs are supported on the switch Network Policy This option advertises network policy configuration information aiding in the discovery and diagnosis of VLAN configuration mismatches on a port Improper network policy configurations fre...

Page 86: ...ation Enables the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Interval in the preceding section Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB the LLDP MED MIB ANSI TIA 1057 or vendor specific ...

Page 87: ... The interface number and OID are included to assist SNMP applications in the performance of network discovery by indicating enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management...

Page 88: ...ended Power over Ethernet capability details such as power availability from the switch and power state of the switch including whether the switch is operating from primary or backup power the Endpoint Device could use this information to decide to enter power conservation mode Note that this device does not support PoE capabilities Inventory This option advertises device details useful for invent...

Page 89: ...AN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the specific identifier for the particular chassis in this system System Name An string that indicates the system s administratively assigne...

Page 90: ...face alias IfAlias IETF RFC 2863 Port component EntPhysicalAlias when entPhysicalClass has a value port 10 or backplane 4 IETF RFC 2737 MAC address MAC address IEEE Std 802 2001 Network address networkAddress Interface name ifName IETF RFC 2863 Locally assigned locally assigned Table 4 2 1 Chassis ID Subtype ID Basis Reference Other Repeater IETF RFC 2108 Bridge IETF RFC 2674 WLAN Access Point IEE...

Page 91: ...c identifier for the port from which this LLDPDU was transmitted 4 2 12 5 Remote Port Information Use the LLDP Remote Port Trunk Information screen to display information about devices connected directly to the switch s ports which are advertising information through LLDP Figure 4 2 32 LLDP Configuration page screenshot The page includes the following fields Object Description Local Port The local...

Page 92: ...tail Use the LLDP Remote Information Details screen to display detailed information about an LLDP enabled device connected to a specific port on the local switch Figure 4 2 33 LLDP Configuration page screenshot The page includes the following fields Object Description Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identifies the chassis containing the IEEE...

Page 93: ...d The primary function s of the system which are currently enabled Refer to the preceding table See Table 4 2 2 System Capabilities Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement ID Basis Reference Interface alias IfAlias IETF RFC 2863 Chassis component EntPh...

Page 94: ...t Last Updated The time the LLDP neighbor entry list was last updated New Neighbor Entries Count The number of LLDP neighbors for which the remote TTL has not yet expired Neighbor Entries Deleted Count The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason Neighbor Entries Dropped Count The number of times which the local remote database dropped an LLD...

Page 95: ...eral validation rules as well as any specific usage rules defined for the particular TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs received and th...

Page 96: ... submit a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are three securit...

Page 97: ...ce for all management clients i e versions 1 2c or 3 Figure 4 3 1 SNMP Agent Status page screenshot The page includes the following fields Object Description Snmp Agent Status Enable Disable SNMP on the Managed Switch 4 3 2 SNMP Configuration Use this page to configure the community strings authorized for management access and to specify the trap managers that will receive SNMP notifications or tr...

Page 98: ...cess rights for the community string Read Only Authorized management stations are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects 4 3 2 2 SNMP Trap Management Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to...

Page 99: ...hich include a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to issue notifications as traps or informs To send an...

Page 100: ...Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Default 162 Trap Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Default v1 When trap version 3 is selected you must specify one of the following security levels noAuthNoPriv There is no authentication or encryption...

Page 101: ... independent SNMP agent that resides on the switch This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engine ID ...

Page 102: ... SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types and Configuring Remote SNMPv3 Users A new engine ID can be specified by entering 10 to 64 hexadecima...

Page 103: ...or v3 The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model Level AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model ...

Page 104: ...gned group of a user click Change Group in the Actions column of the users table and select the new group Figure 4 3 7 SNMPv3 Users NEW page screenshot The SNMPv3 User New page includes the following fields Object Description User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Securi...

Page 105: ...cation Protocol The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required EXAMPLE Add a new SNMPv3 user In the New User page define a name an...

Page 106: ...Pv3 user on a remote device you must first specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types and Specifying a Remote Engine ID Figure 4 3 10 SNMPv3 Remote Users page screenshot ...

Page 107: ...s the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model Level AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain...

Page 108: ...elete a group check the box next to the group name then click Delete The page includes the following fields Object Description Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Model The user security model SNMP v1 v2c or v3 The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the defa...

Page 109: ...escription RFC 1493 Traps newRoot 1 3 6 1 2 1 17 0 1 The newRoot trap indicates that the sendingagent has become the new root of the Spanning Tree the trap is sent by a bridge soon after its election as the new root e g upon expiration of the Topology Change Timer immediatelysubsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its confi...

Page 110: ...tioned into some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus authenticationFailure 1 3 6 1 6 3 1 1 5 5 An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMPv2 must becapable of generating this...

Page 111: ...s Allows you to configure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view 1 Click SNMP SNMPv3 Views 2 Click New to configure a new view 3 In the New View page define a name and specify OID subtrees in the switc...

Page 112: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 112 Figure 4 3 14 SNMPv3 View Edit page screenshot ...

Page 113: ...guration Sets the source and target ports for mirroring Rate Limit Input Port Configuration Sets the input rate limit for each port Output Port Configuration Sets the output rate limit for ports Port Statistics Lists Ethernet and RMON port statistics 4 4 1 Port Information You can use the Port Information or Trunk Information pages to display the current connection status including link state spee...

Page 114: ... mode Auto or fixed choice Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure None Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member Shows if port is a trunk member Creation Shows if a trunk is manually configured or dynamically set via LACP Trunk Information only In some situation when the Managed Switch port is set to Aut...

Page 115: ...ure 4 4 2 Port Configuration page screenshot The page includes the following fields Object Description Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the problem has been resolved You may also disable an interface for security rea...

Page 116: ...ull Supports 10 Mbps full duplex operation 100half Supports 100 Mbps half duplex operation 100full Supports 100 Mbps full duplex operation 1000full Combo ports only Supports 1000 Mbps full duplex operation Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Sym Check this i...

Page 117: ...e can be severely degraded or everything can come to complete halt You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port Any broadcast packets exceeding the specified threshold will then be dropped Command Usage Broadcast Control is enabled by default The default threshold is 1000K packets per second Broadcast control does not effect IP multi...

Page 118: ...old of 500 Kbytes per second choose 100K under Scale and 5 under Level Scale Range 1 10 100 1000 Kbytes per second Default 1000 Kbytes per second Level Range 1 127 Default 5 Port Port number Trunk Shows if a port is a trunk member Type Indicates the port type 100BASE TX 1000BASE T or 1000BASE SFP Protect Status Enables or disables broadcast storm control Default Enabled Trunk Shows if port is a tr...

Page 119: ...You can mirror traffic from any source port to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Command Usage Monitor port speed should match or exceed source port speed otherwise traffic may be dropped from the monitor port All mirror sessions must share the ...

Page 120: ...s Source Port The port whose traffic will be monitored Range SGSW 2840 SGSW 2840P 1 28 Range SGSD 1022 SGSD 1022P 1 10 Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit Both receive and transmit Default Rx Target Port The port that will mirror the traffic on the source port Range SGSW 2840 SGSW 2840P 1 28 Range SGSD 1022 SGSD 1022P 1 10 Figure 4 4 6 Mirror...

Page 121: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 121 Figure 4 4 7 Mirror Port Configuration page screenshot ...

Page 122: ...ing traffic is dropped conforming traffic is forwarded without any changes 4 4 5 1 Input Rate Limit Port Configuration Use the rate limit configuration pages to apply input rate limiting Figure 4 4 8 Input Rate Limit Port Configuration page screenshot 1 Click Port Rate Limit Inputt Port Configuration 2 Enable the Rate Limit Status for the required interfaces set the Rate Limit Scale and Rate Limit...

Page 123: ...onfiguration 4 Enable the Rate Limit Status for the required interfaces set the Rate Limit Scale and Rate Limit Level and click Apply The page includes the following fields Object Description Port Trunk Displays the port trunk number Output Rate Limit Status Enables or disables the rate limit Default Enabled Output Rate Limit Scale Level Multiplied by one another the scale and level set the rate l...

Page 124: ...he traffic passing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as co...

Page 125: ...r of packets delivered by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors h...

Page 126: ... Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to ahigher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets The number of packets received via the interface which were discardedbecause of an unknown or unsupported pro...

Page 127: ...count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error Multiple Collision Frames A count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Erro...

Page 128: ...rwise well formed Oversize Frames The total number of frames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames...

Page 129: ...providing a fault tolerant link between two devices You can create up to 5 12 trunks at a time The Managed Switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can automatically negotiate a...

Page 130: ...ave to be treated as a whole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk 4 5 1 Trunk Information You can use the Trunk Information pages to display the current connection status including link state speed duplex mode flow control and auto negotiation To change any of the port settings use the Trunk Configuration page Figure 4 5 1...

Page 131: ...hen its buffers fill When enabled backpressure is used for half duplex operation and IEEE 802 3 2005 formally EEE 802 3x for full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required o solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Autonegotiation Allows auto negotiation to...

Page 132: ...ld Multiplied by one another the scale and level set the broadcast threshold For example to set a threshold of 500 Kbytes per second choose 100K under Scale and 5 under Level Scale Range 1 10 100 1000 Kbytes per second Default 1000 Kbytes per second Level Range 1 127 Default 5 Port Port number Trunk Shows if a port is a trunk member Type Indicates the port type 100BASE TX 1000BASE T or 1000BASE SF...

Page 133: ... creating a loop in the network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Figure 4 5 4 For additional information see Configuring Trunks Command Sequence To configure a static trunk Enter a trunk ID of 1 5 in the Trunk field Select any of the Managed Switch ...

Page 134: ...down port list and click Add 3 After you have completed adding ports to the member list click Apply The page includes the following fields Object Description Member List Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier SGSD 1022 SGSD 1022P Range 1 5 SGSW 2840 SGSW 2840P Range 1 12 Port Port identifier SGSD 1022 SGSD 1022P Range 1 1...

Page 135: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 135 Figure 4 5 6 Trunk Membership page screenshot Figure 4 5 7 Trunk Membership page screenshot Figure 4 5 8 Trunk Membership page screenshot ...

Page 136: ...fail one of the standby ports will automatically be activated to replace it Enabling LACP on Selected Ports Command Usage To avoid creating a loop in the network be sure you enable LACP before connecting the ports and also disconnect the ports before disabling LACP If the target switch has also enabled LACP on the connected ports the trunk will be activated automatically A trunk formed with anothe...

Page 137: ...ort LACP Configuration 2 Select any of the switch ports from the scroll down port list and click Add 3 After you have completed adding ports to the member list click Apply The page includes the following fields Object Description Member List Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Port Port identifier SGSD 1022 SGSD 1022P Range 1 10 SGSW 2840 SG...

Page 138: ... LACP Aggregation Port Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP System Priority Ports must have the same LACP port Admin Key However if the port channel Admin Key is set then the port Admin Key must be set to the same value for a port to be allowed to join a channel group ...

Page 139: ...enshot 1 Click Port LACP Aggregation Port 2 Set the System Priority Admin Key and Port Priority for the Port Actor 3 You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device ...

Page 140: ...join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a link goes down LACP port priority is used to select a...

Page 141: ...ed from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type Marker Illegal Pkts Number of frames that carry the Slow ...

Page 142: ...ate Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational partner information administratively configured for the partner Distributing If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expec...

Page 143: ... aggregation Long timeout Periodic transmission of LACPDUs uses a slow transmission rate LACP Activity Activity control value with regard to this link 0 Passive 1 Active 4 5 5 5 Displaying LACP Status for the Remote Side You can display configuration settings and the operational state for the remote side of a link aggregation Figure 4 5 17 LACP Port Internal Information page screenshot The page in...

Page 144: ...n Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin State Administrative values of the partner s state parameters See preceding tab...

Page 145: ...terface on this Managed Switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Sequence Specify the interface the MAC address and VLAN then click Add Static Address Figure 4 6 1 Static Addresses page screenshot 1 Click Address Table Static A...

Page 146: ...4 6 2 Dynamic Addresses The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Sequence Specify the search type i e m...

Page 147: ...ayed addresses and then click Query The page includes the following fields Object Description Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of addresses dynamically le...

Page 148: ...ging time for entries in the Dynamic Address Table Figure 4 6 4 Dynamic Addresses page screenshot The page includes the following fields Object Description Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 98301 seconds Default 300 seconds ...

Page 149: ...to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs B...

Page 150: ...An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees An MST Region may contain multiple MSTP Instances An Internal Spanning Tree IST is used to connect all the MSTP switches within an MST region A Common Spanning Tree CST interconnects al...

Page 151: ...n a single switch in user specified groups Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following information is used The unique switch identifier The path cost to the root associated ...

Page 152: ...the network before starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created a...

Page 153: ...o levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Desig...

Page 154: ... greater chance of a given port being elected as the root port 128 Port Cost A value used by STP to evaluate paths STP calculates path costs and selects the path with the minimum cost as the active path 200 000 100Mbps Fast Ethernet ports 20 000 1000Mbps Gigabit Ethernet ports 0 Auto Default Spanning Tree Configuration Feature Default Value Enable state STP disabled for all ports Port priority 128...

Page 155: ...ower the number the greater the probability the port will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the below diagram In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C wi...

Page 156: ... LAN 1 LAN 2 LAN 3 Designated Port Root Port Root Port Designated Port Blocked After Applying the STA Rules The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 4 on switch A are connected to one optional Gigabit port on both switch B and C The redunda...

Page 157: ...signed as a general replacement for the slower legacy STP RSTP is also incorporated into MSTP RSTP achieves must faster reconfiguration i e around one tenth of the time required by STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to cha...

Page 158: ...ng This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result The priority and MAC address of the device in the Spanning Tree that this Managed Switch has accepted as th...

Page 159: ...cted to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby ba...

Page 160: ...default MSTP Multiple Spanning Tree IEEE 802 1s Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 Range 0...

Page 161: ...port is selected from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay i...

Page 162: ...imit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Figure 4 7 5 MSTP Configuration page screenshot The page includes the following fields Object Description Max Instance Numbers The maximum number of MSTP instances to which this Managed Switch can be...

Page 163: ...nd revision number are both required to uniquely identify an MST region 4 7 1 3 STA Port Information Displaying Interface Settings These parameters are for port or trunk STA Information Figure 4 7 6 STA Port Information page screenshot The page includes the following fields Object Description Spanning Tree Shows if STA has been enabled on this interface STA Status Displays current state of this po...

Page 164: ...e with the root of the Spanning Tree Oper Path Cost The contribution of this port to the path cost of paths towards the spanning tree root which include this port Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration Oper ...

Page 165: ...orts and trunks Figure 4 7 7 STA Port Configuration page screenshot The following attributes are read only and cannot be changed Object Description STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configura...

Page 166: ...o two or more bridges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media Default setting Auto Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the s...

Page 167: ...0 2 000 000 Gigabit Ethernet 3 10 2 000 200 000 Table 4 7 1 Recommended STA Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 4 7 2 Recommended STA Path Costs Refer to...

Page 168: ...ral area of your network However remember that you must configure all bridges within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration 2...

Page 169: ...ance identifier to configure Range 0 57 Default 0 VLAN ID VLAN to assign to this selected MST instance Range 1 4094 1 All VLANs are automatically added to the IST Instance 0 2 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with the same MSTI settings 4 7 2 2 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trun...

Page 170: ... Information page screenshot 4 7 2 3 MSTP Port Configuration Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages Figure 4 7 11 MSTP Port Configuration page screenshot ...

Page 171: ...the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops Where more than one port is assigned the highest priority the port with lowest numeric identifier will be enabled Range 0 240 in steps of 16 Default 128 Admin MST Path ...

Page 172: ...Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q ...

Page 173: ...d Switch supports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging 1 The Managed S...

Page 174: ...E 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is ...

Page 175: ...re the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the packet Because of the existence of the PVID for untagged packets and the VID for tagged packets tag aware and tag unaware network devices can coexist on the same network A switch port can have only one PVID but can have as many VID as the switch has m...

Page 176: ...ly used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenev...

Page 177: ...ggregation group s and then you may configure VLAN settings If you wish to change the port link aggregation grouping with VLAN already in place you will not need to reconfigure the VLAN settings after changing the port link aggregation group settings VLAN settings will automatically change in conjunction with the change of the port link aggregation group settings 4 8 1 1 VLAN Basic Information The...

Page 178: ...rts across the network VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network GVRP must be enabled to permit automatic VLAN registration and to support VLANs which extend beyond the local switch Figure 4 8 2 GVRP Status page screenshot The page includes the following fields Object Description GVRP Enables and disables GVRP on the device...

Page 179: ...ort based VLAN for one or two switches you can disable tagging Figure 4 8 3 VLAN Current Table page screenshot The page includes the following fields Object Description VLAN ID ID of configured VLAN 1 4094 Up Time at Creation Time this VLAN was created i e System Up Time Shows how this VLAN was added to the switch Permanent Added as a static entry Status Dynamic GVRP Automatically learned via GVRP...

Page 180: ...AN 1 is the default untagged VLAN VLAN 4093 is reserved for switch clustering and is not user configurable or removable New Allows you to specify the name and numeric identifier for a new VLAN group The VLAN name is only used for management on this system it is not added to the VLAN tag VLAN ID ID of configured VLAN 1 4094 no leading zeroes VLAN Name Name of the VLAN 1 to 32 characters no spaces S...

Page 181: ...keeping the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compliant devices on the network to make packet forwarding decisions Untagged Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarde...

Page 182: ...N Range 1 to 32 characters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk Membership Type Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is carry a t...

Page 183: ...nterface is not a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page 1 You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index VLAN Static Membership by Port However ...

Page 184: ...r the interface 3 Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface 4 After configuring VLAN membership for each interface click Apply Figure 4 8 6 VLAN Static Membership by Port page screenshot The page includes the following fields Object Description Interface Port or trunk identifier Query To display membership information for th...

Page 185: ...witches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network Group Address Registration Protocol GARP is used by GVRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you...

Page 186: ...is always enabled Default Enabled Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged for VLANs for which it is not a member these...

Page 187: ...es rejoining the group Range 500 18000 centiseconds Default 1000 centiseconds Mode Indicates VLAN membership mode for an interface Access Sets the port to operate as an untagged interface All frames are sent untagged General Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Specifies a port as an end point for a VLAN trunk A trunk is a direct link between two ...

Page 188: ...customer specific VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port configured to support QinQ tunneling must be set to tunnel port mode The Service Provider VLAN SPVLAN ID for the specific customer must be assigned to the QinQ tunnel access port on th...

Page 189: ...tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming packet is untagged the outer tag is an SPVLAN tag and the inner tag is a dummy tag 8100 0000 If the incoming packet is tagged the outer tag is an SPVLAN tag and the inner tag is a CVLA...

Page 190: ...ember ports of the outer tag s VLAN 6 After packet classification the packet is written to memory for processing as a single tagged or double tagged packet 7 The switch sends the packet to the proper egress port 8 If the egress port is an untagged member of the SPVLAN the outer tag will be stripped If it is a tagged member the outgoing packet will have two tags Configuration Limitations for QinQ T...

Page 191: ...port to 802 1Q Tunnel Uplink mode see Adding an Interface to a QinQ Tunnel 8 Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member see Adding Static Members to VLANs VLAN Index on page 3 176 4 8 2 1 802 1Q Tunnel Configuration Enabling QinQ Tunneling on the Switch The Managed Switch can be configured to operate in normal VLAN mode or IEEE 802 1Q QinQ tunneling mode which is u...

Page 192: ...nQ mode before configuring a tunnel port see Enabling QinQ Tunneling on the Switch Use the TPID field to set a custom 802 1Q ethertype value on the selected interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example if 0x1234 is set as the custom 802 1Q ethertype on a trunk port incom...

Page 193: ...work 802 1Q Tunnel Uplink Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network Mode Default None 802 1Q Ethernet Type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port Range 0800 FFFF hexadecimal Default 8100 Trunk Member Shows if a port is a member or a trunk If you have host devices that ...

Page 194: ...ted VLANs can also be configured Private VLANs and normal VLANs can exist simultaneously within the same switch Primary secondary Associated Group To configure primary secondary associated groups follow these steps 1 Use the Private VLAN Configuration menu to designate one or more community VLANs and the primary VLAN that will channel traffic outside of the VLAN groups 2 Use the Private VLAN Assoc...

Page 195: ...s and their assigned interfaces Figure 4 8 10 Private VLAN Information page screenshot The page includes the following fields Object Description VLAN ID ID of configured VLAN 2 4094 and VLAN type Primary VLAN The VLAN with which the selected VLAN ID is associated A primary VLAN displays its own ID a community VLAN displays the associated primary VLAN and an isolated VLAN displays the stand alone V...

Page 196: ...the following fields Object Description VLAN ID ID of configured VLAN 2 4094 There are three types of private VLANs Primary VLANs Conveys traffic between promiscuous ports and to community ports within secondary or community Community VLANs Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN Type Isolated VLANs Conveys traffic only between the VLAN...

Page 197: ...associated with a primary VLAN Figure 4 8 12 Private VLAN Association page screenshot The page includes the following fields Object Description Primary VLAN ID ID of primary VLAN 2 4094 Association Community VLANs associated with the selected primary VLAN Non Association Community VLANs not associated with the selected VLAN ...

Page 198: ...he designated promiscuous port s Or the port is an isolated port that can only communicate with the lone promiscuous port within its own isolated VLAN PVLAN Port Type Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLA...

Page 199: ...Displays private VLAN port types Normal The port is not configured in a private VLAN Host The port is a community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Or the port is an isolated port that can only communicate with the lone promiscuous port within its own isolated VLAN PVLAN Port Type Promiscuous A promiscuous port can c...

Page 200: ...ports and from community ports to their designated promiscuous ports Set PVLAN Port Type to Host and then specify the associated Community VLAN Isolated VLAN A single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Trunk Shows if a port is a member or a trunk ...

Page 201: ...protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page The following limitations apply to the use of Protocol VLANs A maximum of 20 Protocol VLAN ...

Page 202: ...age screenshot The page includes the following fields Special Protocol Object Description Special Protocol Three fixed protocol types have been preconfigured Protocol Group ID Protocol Group ID assigned to the Special Protocol VLAN Group Range 1 2147483647 Protocol Type For these Protocol VLAN groups the frame type of network traffic is not considered all frame types are accepted IP 0x0800 IPX 0x8...

Page 203: ... Alternately the switch can be power cycled however all unsaved configuration changes will be lost 4 8 4 2 Protocol VLAN Port Configuration Use the Protocol VLAN Port Configuration menu to map a Protocol VLAN Group to a VLAN for the currently selected port or trunk Command Usage Before assigning a protocol group and associated VLAN to a port or trunk first select the required interface from the sc...

Page 204: ...he following fields Object Description Interface Port or Trunk identifier Query Use this button to display the current protocol settings and to select an interface for configuration Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 ...

Page 205: ... wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation Multicast VLAN Registration 4 9 1 Layer 2 IGMP Snooping and Query IGMP Snooping and Query If multicast routing is not supported on other switches in your network you can use IGMP Snooping and Query to monitor IGMP service requests passing between multicast clients and serve...

Page 206: ...ter Interface If IGMP snooping cannot locate the IGMP querier you can manually designate a known IGMP querier i e a multicast router switch connected over the network to an interface on your switch This interface will then join all the current multicast groups supported by the attached router switch to ensure that multicast traffic is passed to all appropriate interfaces within the switch Static I...

Page 207: ...ted querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet Figure 4 9 1 IGMP Configuration pa...

Page 208: ...ange 1 3 Default 2 1 All systems on the subnet must support the same version 2 Some attributes are only enabled for IGMPv2 and or v3 including Act as IGMP Querier IGMP Report Delay and IGMP Query Timeout 4 9 1 2 IGMP Immediate Leave The Managed Switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the immediate leave func...

Page 209: ...ts Figure 4 9 2 IGMP Immediate Leave page screenshot The page includes the following fields Object Description VLAN ID VLAN Identifier Range 1 4094 Immediate Leave Sets the status for immediate leave on the specified VLAN Default Disabled 4 9 1 3 Multicast Router Port Information Multicast routers that are attached to ports on the Managed Switch use information obtained from IGMP along with a mult...

Page 210: ... this Managed Switch 4 9 1 4 Static Multicast Router Port Configuration Depending on your network connections IGMP snooping may not always be able to locate the IGMP querier Therefore if the IGMP querier is a known multicast router switch connected over the network to an interface port or trunk on your Managed Switch you can manually configure the interface and a specified VLAN to join all the cur...

Page 211: ...nterface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router Port or Trunk Specifies the interface attached to a multicast router 4 9 1 5 IP Multicast Registration Table You can use the IP Multicast Registration Table to display the port members associated with a specified VLAN and multicast service ...

Page 212: ...e 1 224 1 1 12 Eth1 12 USER 1 224 1 2 3 Eth1 12 IGMP 4 9 1 6 IGMP Member Port Table Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages as described in IGMP Configuration For certain applications that require tighter control you may need to statically configure a multicast service on the Managed Switch First add all the ports attached to participating host...

Page 213: ...the following fields Object Description Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router switch Range 1 4094 Multicast IP The IP address for a specific multicast service Port or Trunk Specifies the interface attached to a multicast router switch Figure 4 9 7 IGMP Member Port Table page scree...

Page 214: ...ved on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two ac...

Page 215: ... When you have created an IGMP profile number you can then configure the multicast groups to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multicast group falls within the controlled range When the access mode is set to deny IGMP join reports are only processed wh...

Page 216: ...rent Multicast Address Range List Lists multicast groups currently included in the profile Select an entry and click the Remove button to delete it from the list 4 9 2 3 IGMP Filter Throttling Port Configuration Once you have configured IGMP profiles you can assign them to interfaces on the Managed Switch Also you can set the IGMP throttling number to limit the number of multicast groups an interf...

Page 217: ... join at the same time Range 0 255 Default 255 Current Multicast Groups Displays the current number of multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of multicast groups for the interface has been exceeded Default Deny deny The new multicast group join report is dropped replace The new multicast group replaces an existing group Thro...

Page 218: ... use any multicast routing protocol MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exchange any information except through upper level r...

Page 219: ...bling or disabling MVR for the Managed Switch selecting the VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the multicast group address for each of these services to the MVR VLAN Figure 4 9 11 MVR Configuration page screenshot The page includes the following fields Object Description MVR Status When MVR is enabled on the switch ...

Page 220: ...t filtering Receiver ports can belong to different VLANs but should not be configured as a member of the MVR VLAN IGMP snooping can be used to allow a receiver port to dynamically join or leave multicast groups within an MVR VLAN Multicast groups can also be statically assigned to a receiver port see Assigning Static Multicast Groups to Interfaces However if a receiver port is statically configure...

Page 221: ...ding Static Members to VLANs VLAN Index Receiver A subscriber port that can receive multicast data sent through the MVR VLAN Any port configured as an receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an attached host requesting any of the designated multicast services supported by the MVR VLAN Non MVR An interface that does not participat...

Page 222: ...source ports is ACTIVE if MVR is globally enabled on the Managed Switch MVR status for receiver ports is ACTIVE only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is enabled or disabled Trunk Member Shows if port is a trunk member 4 9 3 4 MVR Group Member Con...

Page 223: ...roup Member page screenshot 1 Click MVR Group Member Configuration 2 Select a port or trunk from the Interface field and click Query to display the assigned multicast groups 3 Select a multicast address from the displayed lists and click the Add or Remove button to modify the Member list The page includes the following fields Object Description Interface Indicates a port or trunk Member Shows the ...

Page 224: ...gned to the MVR VLAN either through IGMP snooping or static configuration Figure 4 9 15 MVR Group IP Table page screenshot The page includes the following fields Object Description Group IP Multicast groups assigned to the MVR VLAN Group Port List Shows the interfaces with subscribers for multicast services provided through the MVR VLAN ...

Page 225: ...lect traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding This section has the following items Priority Default Port Priority Sets the default priority for each port Default Trunk Priority Sets the default priority for each trunk Traffic Classes Maps IEEE 802 1p priority...

Page 226: ... and then sorted into the appropriate priority queue at the output port Command Usage This Managed Switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1...

Page 227: ...ypes i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used If the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Figure 4 10 1 Default Port Priority page screenshot ...

Page 228: ...ding to recommendations in the IEEE 802 1p standard as shown in the following table 802 1p Priority 0 1 2 3 4 5 6 7 Queue 1 0 0 1 2 2 3 3 Table 4 10 1 Mapping CoS Values to Egress Queues Command Sequence 1 Mark an interface and click Select to display the current mapping of CoS values to output queues 2 Assign priorities to the traffic classes i e output queues for the selected interface then clic...

Page 229: ...ommendations in the IEEE 802 1p standard However you can map the priority levels to the Managed Switch s output queues in any way that benefits application traffic for your own network Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 10 milliseconds latency and jitter ...

Page 230: ...t queue Thus a queue weighted 8 will be allowed to transmit up to 8 packets after which the next lower priority queue will be serviced according to it s weighting This prevents the head of line blocking that can occur with strict priority queuing Hybrid mode uses strict priority queuing for the highest priority queue queue 3 processing queues 2 through 0 according to their WRR weights Figure 4 10 ...

Page 231: ...applications assigned a specific priority value Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights for allocated service priorities When using WRR assign a weight of 1 15 to each of the hardware queues A queue s weight must be less than or equal to the weight of the next higher priority queue that is Q0 Q1 Q2 Q3 1 Click Priority Queue Scheduling 2 Select...

Page 232: ...s for IP TOS see page 3 227 or six bits for Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service output queue Because different priority information may be contained in the traffic the Managed Switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP ...

Page 233: ...ds of forwarding The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS queue 0 IP DSCP Value CoS Queue 0 8 0 10 12 14 16 18 20 22 24 1 26 28 30 32 34 36 38 40 42 2 46 48 56 3 Table 4 10 3 IP DSCP to CoS Queue Mapping Figure 4 10 6 IP DSCP Priority page screenshot The page includes the following fields Object Description DS...

Page 234: ...ut Queue 0 Routine 0 1 Priority 0 2 Immediate 1 3 Flash 1 4 Flash Override 2 5 Critical 2 6 Internetwork Control 3 7 Network Control 3 Table 4 10 4 Mapping IP Precedence Values to CoS Priority Queues 1 Click QoS Priority IP Precedence Priority Status 2 Set the IP Precedence Priority Status to Enabled 3 Click QoS Priority IP Precedence Priority 4 Select an entry from the IP Precedence Priority Tabl...

Page 235: ...ue Maps an IP Precedence value to a CoS queue Note that queue 0 represents low priority and 3 represent high priority 4 10 2 7 Mapping IP TOS Priority The Type of Service TOS octet in the IPv4 header is divided into three parts Precedence 3 bits TOS 4 bits and MBZ 1 bit The Precedence bits indicate the importance of a packet whereas the TOS bits indicate how the network should make tradeoffs betwe...

Page 236: ...put Queue 0 Normal service 0 1 Minimize monetary cost 0 2 Maximize reliability 1 4 Maximize throughput 2 8 Minimize delay 3 Table 4 10 5 Mapping IP TOS Values to CoS Priority Queues 1 Click QoS Priority IP TOS Priority Status 2 Set the IP TOS Priority Status to Enabled 3 Click QoS Priority IP TOS Priority 4 Select an IP TOS value in the IP TOS Priority Table enter a queue number in the Class of Qu...

Page 237: ...epresent high priority 4 10 2 10 Mapping IP Port Priority You can also map network applications to Class of Service queues based on the IP port number i e TCP UDP port number in the frame header Some of the more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 1 Click QoS Priority IP Port Priority Status 2 Set IP Port Priority Status to Enabled 3 Click QoS Priority IP Port Pr...

Page 238: ...wing fields Object Description IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS queue map IP Port Number TCP UDP Set a new IP port number Class of Queue Service Value Sets a CoS queue for a new IP port Note that 0 represents low priority and 3 represent high priority IP Port Priority settings apply to all interfaces ...

Page 239: ... new IP port number Class of Queue Service Value Sets a CoS queue for a new IP port Note that 0 represents low priority and 3 represent high priority 4 10 2 13 Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table Note that the specified CoS value is only used to map the matching packet to an output queue it...

Page 240: ...e 4 10 13 ACL CoS Priority page screenshot The page includes the following fields Object Description Port Port identifier Name Name of a configured ACL Type Type of ACL IP or MAC CoS Values CoS values used for packets matching the ACL rule Range 0 7 Figure 4 10 14 ACL CoS Priority page screenshot ...

Page 241: ...use class information to prioritize the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end QoS solution 1 You can configure up to 16 rules per Class Map You can also include multiple ...

Page 242: ...policy map to create a service policy for a specific interface that defines packet classification service tagging and bandwidth policing Note that one or more class maps can be assigned to a policy map Figure 4 10 15 Class Map page screenshot The page includes the following fields Object Description Modify Name and Description Configures the name and a brief description of a class map Range 1 16 c...

Page 243: ...ludes the following fields Object Description Class Name Name of the class map Range 1 16 characters Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command Description A brief description of a class map Range 1 64 characters Add Adds the specified class Back Returns to previous page with making any changes ...

Page 244: ...ds Object Description Class Name List of class maps ACL List Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Figure 4 10 19 Standard ACL page screenshot ...

Page 245: ...ew policy A policy map can contain multiple class statements that can be applied to the same interface with the Service Policy Settings You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL Also note that the maximum number of classes that can be applied...

Page 246: ... Edit Classes Opens the Policy Rule Settings page for the selected class entry Modify the criteria used to service ingress traffic on this page Add Policy Opens the Policy Configuration page Enter a policy name and description on this page and click Add to open the Policy Rule Settings page Enter the criteria used to service ingress traffic on this page Remove Policy Deletes a specified policy Fig...

Page 247: ...The page includes the following fields Object Description Policy Name Name of policy map Range 1 16 characters Description A brief description of a policy map Range 1 64 characters Add Adds the specified policy Back Returns to previous page with making any changes Policy Rule Settings Figure 4 10 24 Policy Rule Settings page screenshot ...

Page 248: ...in Match Class Settings Range CoS 0 7 DSCP 0 63 Check this to define the maximum throughput burst rate and the action that results from a policy violation Rate bps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower Meter Burst byte Burst in bytes Range 64 1522 Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped Add Adds ...

Page 249: ...one policy map to an interface The current firmware does not allow you to bind a policy map to an egress queue 1 Click QoS DiffServ Service Policy Settings 2 Check Enabled and choose a Policy Map for a port from the scroll down box then click Apply Figure 4 10 25 Service Policy Settings page screenshot The page includes the following fields Object Description Ports Specifies a port Ingress Applies...

Page 250: ...et a CoS priority for the VoIP traffic VoIP traffic can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN Alternatively switch ports can be manually configured 4 10 4 1 VoIP Traffic Confi...

Page 251: ...tes The Voice VLAN ID cannot be modified when the global Auto Detection Status is enabled 4 10 4 2 VoIP Port Configuration To configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that only VoIP traffic is forwarded on the Voice VLAN Figure 4 10 27 VoIP Port Configur...

Page 252: ... list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disabled Selects a method to use for detecting VoIP traffic on the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to manufacturers and form the first three oct...

Page 253: ...r a MAC address that specifies the OUI for VoIP devices in the network 3 Select a mask from the pull down list to define a MAC address range 4 Enter a description for the devices and then click Add Figure 4 10 28 Telephony OUI List page screenshot The page includes the following fields Object Description Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format...

Page 254: ...ngs Provide a secure web connection SSH Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface 4 11 1 Configuring User Accounts The guest only has read access for most configuration par...

Page 255: ... levels Defaults admin and guest Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters Maximum number of users 16 Access Level Specifies the user level Options Normal Privileged New Account Password Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Rem...

Page 256: ...authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to...

Page 257: ...n methods for any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Figure 4 11 2 Authentication Settings page screenshot The page i...

Page 258: ... listed sequence of servers The process ends when a server either approves or denies access to a user Server IP Address Address of the RADIUS server Server Port Number Network UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum lengt...

Page 259: ... server Server IP Address Address of the TACACS server Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Number of Server Transmits Number of times the switch attempts to send an authentication request to the server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the server before it resen...

Page 260: ...ps The Managed Switch supports the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the Managed Switch Accounting for users that access management interfaces on the Managed Switch through the console and Telnet Accounting for commands that users enter at specific CLI privilege levels Authorization of users that access management interfaces on th...

Page 261: ...r the RADIUS server group 1 255 characters Server Index Specifies a RADIUS server and the sequence to use for the group Range 1 5 When specifying the index for a RADIUS sever the server index must already be defined see Configuring Local Remote Logon Authentication 4 11 5 2 AAA TACACS Group Settings The AAA TACACS Group Settings screen defines the configured TACACS servers to use for accounting an...

Page 262: ...e includes the following fields Object Description Group Name Defines a name for the TACACS server group 1 255 characters Server Spefies the TACACS server to use for the group Range 1 4 11 5 3 AAA Accounting Settings AAA accounting is a feature that enables the accounting of requested services for billing or security purposes ...

Page 263: ...od for service requests The default methods are used for a requested service if no other methods have been defined Range 1 255 characters The method name is only used to describe the accounting method s configured on the specified accounting servers and do not actually send any information to the servers about the methods to use Service Request Specifies the service as either 802 1X user accountin...

Page 264: ...ting Update This feature sets the interval at which accounting updates are sent to accounting servers Figure 4 11 8 AAA AAA RADIUS Group Settings screenshot Click Security AAA Accounting Periodic Update Enter the required update interval and click Apply The page includes the following fields Object Description Periodic Update Specifies the interval at which the local accounting service updates inf...

Page 265: ... Apply The page includes the following fields Object Description Port Trunk Specifies a port or trunk number Method Name Specifies a user defined method name to apply to the interface This method must be defined in the AAA Accounting Settings menu Range 1 255 characters 4 11 5 6 AAA Accounting Exec Command Privileges This feature specifies a method name to apply to commands entered at specific CLI...

Page 266: ...r console and Telnet privilege levels Click Apply The page includes the following fields Object Description Commands Privilege Level The CLI privilege levels 0 15 Console Telnet Specifies a user defined method name to apply to commands entered at the specified CLI privilege level 4 11 5 7 AAA Accounting EXEC Settings This feature specifies a method name to apply to console and Telnet connections ...

Page 267: ...onsole and Telnet connections and click Apply The page includes the following fields Object Description Method Name Specifies a user defined method name to apply to console and Telnet connections 4 11 5 8 AAA Accounting Summary This feature displays all accounting configured accounting methods the methods applied to specified interfaces and basic accounting information recorded for user sessions ...

Page 268: ... Object Description Accounting Type Displays the accounting service Method List Displays the user defined or default accounting method Group List Displays the accounting server group Interface Displays the port or trunk to which these rules apply This field is null if the accounting method and associated server group has not been assigned to an interface AAA Accounting Statistics Summary ...

Page 269: ... AAA AAA RADIUS Group Settings screenshot Click Security AAA Authorization Settings To configure a new authorization method specify a method name and a group name select the service then click Add The page includes the following fields Object Description Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have be...

Page 270: ...ies an authorization method name to apply to console and Telnet connections Figure 4 11 13 Settings screenshot 1 Click Security AAA Authorization Exec Settings 2 Enter a defined method name for console and Telnet connections and click Apply The page includes the following fields Object Description Method Name Specifies a user defined method name to apply to console and Telnet connections 4 11 5 12...

Page 271: ...ver command described on page 4 106 If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server genera...

Page 272: ...l be associated with a warning that the site is not recognized as a secure site This is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority For maximum...

Page 273: ... key authentication If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings page If public key authentication is specified by the client then you must configure authentication keys on both the client and the switch as described in the following ...

Page 274: ... Switch compares the client s password to those stored in memory c If a match is found the connection is allowed To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys 7 Public Key Authentication When an SSH client attempts...

Page 275: ...lnet sessions and SSH sessions 4 11 7 2 SSH Server Settings The SSH server includes basic settings for authentication Figure 4 11 16 Settings screenshot Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page before you can enable the SSH server The page includ...

Page 276: ...side the switch The host key is shared with the SSH client and is fixed at 1024 bits 4 11 7 3 SSH Host Key Settings A host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the proceeding section Comm...

Page 277: ...2 Both Default RSA The SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is stored to RAM by default Note that you m...

Page 278: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 278 Figure 4 11 18 Settings screenshot ...

Page 279: ...he configuration of the client software and the RADIUS server The encryption method used to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies th...

Page 280: ...access to the LAN and switch services and responds to requests from the switch The workstation must be running 802 1X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802 1X specification z Authentication server performs the actual authentication of the client The authentication server validates the identity of the...

Page 281: ...om down to up It then sends an EAP request identity frame to the client to request its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switc...

Page 282: ...ocol the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state change...

Page 283: ... Object Description 802 1X System Authentication Control The global settings for 802 1X 4 11 8 3 802 1X Configuration The 802 1X protocol provides port authentication The 802 1X protocol must be enabled globally for the switch system before port settings are active Figure 4 11 20 Settings screenshot 1 Select Security 802 1X Configuration 2 Enable 802 1X globally for the switch and click Apply The ...

Page 284: ...ity lookup process that runs between the switch and authentication server These parameters are described in this section Figure 4 11 21 Settings screenshot The page includes the following fields Object Description Port Port number Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X aut...

Page 285: ...lt 2 Quiet Period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client Range 1 65535 seconds Default 60 seconds Re authentication Period Sets the time period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds Tx Period Sets the time period during an authentication session that ...

Page 286: ...port and then click Query 3 Click Refresh to update the statistics The page includes the following fields Object Description Rx EAPOL Start The number of EAPOL Start frames that have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authentic...

Page 287: ...MAC address carried in the most recently received EAPOL frame Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Authenticator Tx EAP Req Id The number of EAP Req Id frames that have been transmitted by this Authenticator Tx EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator 4 11 8 6 Windows Pl...

Page 288: ...rt Configuration Figure 4 11 24 802 1x Port Configuration 3 Create user data That step are different of Local Authenticate the establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2000 Server and then Figure 4 11 25 Windows Server RADIUS Server setting path ...

Page 289: ...ight not be able to access the RADIUS server 4 11 8 7 802 1X Client Configuration Windows XP is originally 802 1X support As to other operating systems windows 98SE ME 2000 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP ...

Page 290: ...W 2840P 290 3 Click Properties to open up the Properties setting window 4 Select Authentication tab 5 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type ...

Page 291: ...ick OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process ...

Page 292: ...VLAN See Private VLANs Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports See Configuring 802 1X Port Authentication Web Authentication Allows stations to authenticate and access the network in situations where 802 1X or Network Access authentication methods are infeasible or impractical Network Access Config...

Page 293: ...fy a maximum number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses already in the address tab...

Page 294: ...The page includes the following fields Object Description Port Port number Name Descriptive text Indicates the action to be taken when a port security violation is detected None No action should be taken Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Action Default None Security Status Enables or disables port security on t...

Page 295: ...nk Trunk number if port is a member This example selects the target port sets the port security action to send a trap and disable the port sets the maximum MAC addresses allowed on the port and then enables port security for the port Figure 4 11 24 Settings screenshot ...

Page 296: ... address and perform DNS queries All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates username and password authentication via RADIUS Once authentication is successful the web browser is forwarded on to the originally requested web page 1 RADIUS authentication must be activated and...

Page 297: ...ields Object Description System Authentication Control Enables Web Authentication for the switch Default Disabled Session Timeout Configures how long an authenticated session stays active before it must be re authenticated Range 300 3600 seconds Default 3600 seconds Quiet Period Configures how long a host must wait to attempt authentication again after it has exceeded the maximum allowable failed ...

Page 298: ... Configuration 2 Set the status box to enabled for any port that requires web authentication and click Apply The page includes the following fields Object Description Port Indicates the port being configured Status Configures web authentication status for a port Authenticated Host Counts Indicates how many authenticated hosts are connected to the port 4 11 11 3 Web Authentication Port Information ...

Page 299: ... the IP address of each connected host Status Indicates the authorization status of each connected host Remaining Session Time seconds Indicates the remaining time until the current authorization session for a host expires 4 11 11 4 Re Authentication The Managed Switch allows an administrator to manually force re authentication of any web authenticated host connected to any port Figure 4 11 29 Set...

Page 300: ... SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 300 The page includes the following fields Object Description Interface Indicates the port to query Host IP Indicates the IP address of the host selected for re authentication ...

Page 301: ...erver may optionally assign VLAN settings for the switch port When enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The username and password are both equal to the MAC address being authenticated On the RADIUS server PAP username and passwords must be configured in the MAC address format XX XX XX XX XX XX all in upper c...

Page 302: ...ss table aging time and is only configurable from the Address Table Aging Time web page Default 300 seconds MAC Authentication Reauthentication Time Sets the time period after which a connected MAC address must be reauthenticated When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process traffic through the port ...

Page 303: ...new MAC addresses are treated as an authentication failure Range 1 1024 Default 1024 Guest VLAN Specifies the VLAN to be assigned to the port when MAC Authentication through 802 1X fails Default Disabled Range 1 4094 The VLAN must already be created and active see Creating VLANs Also when used with 802 1X authentication intrusion action must be set for Guest VLAN see Configuring Port Settings for ...

Page 304: ...d as a success and the host assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table MAC authentication cannot be configured on trunk ports Ports configured as trunk members are indicated on the in the Trunk column 4 11 12 3 Network Access MAC Address Information Authenticated MAC ad...

Page 305: ...ttribute Displays static or dynamic addresses Address Table Sort Key Sorts the information displayed based on MAC address or port interface Unit Port The port interface associated with a secure MAC address MAC Address The authenticated MAC address RADIUS Server The IP address of the RADIUS server that authenticated the MAC address Time The time when the MAC address was last authenticated Attribute...

Page 306: ...e following filtering modes are supported Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified packets can also be filtered based on the TCP control code MAC ACL mode MAC ACL filters packets based on the sou...

Page 307: ...ct Description Name Name of the ACL Maximum length 15 characters There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can also filter packets based on the TCP control code ...

Page 308: ...bination of permit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a...

Page 309: ...ed ACL Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add ...

Page 310: ...ce level Range 0 7 DSCP DSCP priority level Range 0 63 Protocol Specifies the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Start Source destination port number for the specified protocol type Range 0 65535 Source Destination Port End Upper bound of the protocol port range Range 0 65535...

Page 311: ...ost or MAC 4 If you select Host enter a specific address e g 11 22 33 44 55 66 5 If you select MAC enter a base address and a hexadecimal bitmask for an address range 6 Set any other required criteria such as VID Ethernet type or packet format 7 Then click Add The page includes the following fields Object Description Action An ACL can contain any combination of permit or deny rules Source Destinat...

Page 312: ...ess VID VLAN ID Range 1 4094 Ethernet Type This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Packet Format This attribute includes the following packet types Any Any Ethernet packet type eth2 Ethernet II packets 802 3 Ethernet ...

Page 313: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 313 Figure 4 11 39 Settings screenshot ...

Page 314: ...ettings screenshot 1 Click Security ACL Port Binding 2 Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic select the required ACL from the drop down list then click Apply The page includes the following fields Object Description Port Fixed port or SFP module SGSW 2840 SGSW 2840P Range 1 28 SGSD 1022 SGSD 1022P Range 1 10 IP Specifies the IP ACL to bind to a...

Page 315: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 315 Figure 4 11 41 Settings screenshot ...

Page 316: ...ager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping addr...

Page 317: ... A single IP address or the starting address of a range End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list 4 11 14 2 SNMP IP Filter You can create IP address groups that are allowed management access to the Managed Switch through the SNMP application Figure 4 11 43 SNMP IP Filter page screenshot 1 Click Security IP Filter 2 Enter the IP ad...

Page 318: ... Filter You can create IP address groups that are allowed management access to the Managed Switch through telnet Figure 4 11 44 Telnet IP Filter page screenshot 1 Click Security IP Filter 2 Enter the IP addresses or range of addresses that are allowed management access to an interface and click Add Telnet IP Filtering Entry to update the filter list The page includes the following fields Object De...

Page 319: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 319 End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list ...

Page 320: ...excess of this limit are dropped When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received all DHCP pa...

Page 321: ... for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets received from untrusted ports are dropped 4 11 15 1 DHCP Snooping Configuration Use the DHCP Snooping Configuration page to enable DHCP Snooping globally on the Managed Switch or to configure MAC Address Verification Figure 4 11 45 DHCP Snooping Configuration page screenshot The page i...

Page 322: ...on Option Configuration DHCP provides a relay mechanism for sending information about the switch and its DHCP clients to DHCP servers Known as DHCP Option 82 it allows compatible DHCP servers to use the information when assigning IP addresses or to set other services or policies for clients It is also an effective tool in preventing malicious network attacks from attached clients on DHCP services ...

Page 323: ...ddress field that is not the address of this switch or a zero relay address In some cases the Managed Switch may receive DHCP packets from a client that already includes DHCP Option 82 information The switch can be configured to set the action policy for these packets Either the Managed Switch can discard the Option 82 information keep the existing information or replace it with the switch s relay...

Page 324: ...messages from outside the network or firewall When DHCP snooping enabled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or firewall to trusted sta...

Page 325: ...ropped When enabled traffic is filtered based upon dynamic entries learned via DHCP snooping see Configuring DHCP Snooping or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac option will be checked against the binding table If no matching entry is found ...

Page 326: ...figures the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address None Disables IP source guard filtering on the port SIP Enables traffic filtering based on IP addresses stored in the binding table SIP MAC Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table Filter Type Default None ...

Page 327: ...ually configured lease time Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with...

Page 328: ...GSW 2840 SGSW 2840P Range 1 28 SGSD 1022 SGSD 1022P Range 1 10 VLAN ID ID of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C 4 11 16 3 Dynamic Information Use the Dynamic Information page to display the source guard binding table for a selected interface Figure 4 11 51 Dynamic IP source guard binding Inf...

Page 329: ...t Description Query by Select an interface to display the source guard binding Options Port VLAN MAC Address IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table ...

Page 330: ...ster Commander it automatically discovers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station Cluster switches are limited to the same Ethernet broadcast domain There can be up to 100 candidates and 36 member switches in one cluster A switch can only be a member of one cluster ...

Page 331: ...ault Candidate Cluster IP Pool An internal IP address pool that is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36 Note that you cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode...

Page 332: ...Configuration page screenshot The page includes the following fields Object Description Member ID Specify a Member ID number for the selected Candidate switch Range 1 36 MAC Address Select a discoverd switch MAC address from the Candidate Table or enter a specific MAC address of a known switch 4 12 3 Cluster Member Information Displays current cluster Member switch information ...

Page 333: ...ent status of the switch in the cluster IP Address The internal cluster IP address assigned to the Member switch MAC Address The MAC address of the Member switch Description The system description string of the Member switch 4 12 4 Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members ...

Page 334: ...840P 334 The page includes the following fields Object Description Role Indicates the current status of Candidate switches in the network MAC Address The MAC address of the Candidate switch Description The system description string of the Candidate switch ...

Page 335: ...wered Device 3 5 watts Voice over IP phones Enterprise can install POE VoIP Phone ATA and other Ethernet non Ethernet end devices to the central where UPS is installed for un interrupt power system and power control system 6 12 watts Wireless LAN Access Points Museum Sightseeing Airport Hotel Campus Factory Warehouse can install the Access Point any where with no hesitation 10 12 watts IP Surveill...

Page 336: ...ve power management is implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated power of the system is lower than the power level at which additional PDs cannot be conne...

Page 337: ...4 1 Current mA It shows the PoE device current Amp Consumption W It shows the PoE device current watt Power Limit It can limit the port PoE supply watts Per port maximum value must less 15 4 total ports values must less than the Power Reservation value Once power overload detected the port will auto shut down and keep on detection mode until PD s power consumption lower than the power limit value ...

Page 338: ...d by the PD 0 Default 0 44 to 12 95 Watts 1 Optional 0 44 to 3 84 Watts 2 Optional 3 84 to 6 49 Watts 3 Optional 6 49 to 12 95 Watts 4 Not Allowed Reserved for Future Use Table 4 13 1 Device class Class 4 is defined but is reserved for future use A Class 4 signature cannot be provided by a compliant PD ...

Page 339: ...displays the Console prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the quit or exit command After connecting to the system through the console port th...

Page 340: ...address that matches the network segment to which you are attached After you configure the switch with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show tha...

Page 341: ...e and display the startup configuration enter Console enable Console show startup config To enter commands that require parameters enter the required parameters after the command keyword For example to set a password for the administrator enter Console config username admin password 0 smith 5 2 2 Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a comma...

Page 342: ...endar class map cluster dot1q tunnel dot1x garp gvrp history interfaces ip lacp line lldp log logging mac mac address table management map mvr network access policy map port private vlan Access groups Access lists Uses an accounting list with this name Banner info Bridge extension information Date and time information Displays class maps Display cluster dot1q tunnel 802 1x content GARP properties ...

Page 343: ...work Management Protocol statistics Simple Network Time Protocol configuration Spanning tree configuration Secure shell server connections Startup system configuration System information TACACS server settings Information about terminal lines System hardware and software versions Virtual LAN settings Shows the voice VLAN information Shows web authentication configuration The command show interface...

Page 344: ...ory of commands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands 5 2 9 Understanding Command Modes The command set is divided into Exec and Configuration classes...

Page 345: ... all commands only from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system will now display the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by entering the enable command followed by the privileged level password super To enter Privileged Exe...

Page 346: ... Telnet configuration and include command such as parity and data bits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple interfaces VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode enter the command configure i...

Page 347: ...lowed by the character to display a list of possible matches You can also use the following editing keystrokes for command line processing Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one ...

Page 348: ...ts and replies Access Control List Provides filtering for IP frames based on address protocol or TCP UDP port number or TCP control code or non IP frames based onMAC address or Ethernet type Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggregation Contro...

Page 349: ...ds These commands are used to control the command access mode configuration mode and other basic functions Command Function Mode enable Activates privileged mode NE disable Returns to normal mode from privileged mode PE configure Activates global configuration mode PE show history Shows the command history buffer NE PE reload Restarts the system PE prompt Customizes the prompt used in PE and NE mo...

Page 350: ...he end of the prompt to indicate that the system is in privileged access mode Example Console enable Password privileged level password Console Related Commands disable enable password disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands ...

Page 351: ...abase Configuration and Multiple Spanning Tree Configuration See Understanding Command Modes Default Setting None Command Mode Privileged Exec Example Console configure Console config Related Commands end show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at 10 Execu...

Page 352: ...of the configuration modes In this example the 2 command repeats the second command in the Execution history buffer config Console 2 Console config Console config reload This command restarts the system When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config comm...

Page 353: ...prompt RD2 RD2 config end This command returns to Privileged Exec mode Default Setting None Command Mode Global Configuration Interface Configuration Line Configuration and VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console config if end Console exit This command returns to the previous configuration mode o...

Page 354: ...s Verification Username quit This command exits the configuration program Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username ...

Page 355: ... including baud rate and console time out Event Logging Controls logging of error messages SMTP Alerts Configures SMTP email alerts Time System Clock Sets the system clock automatically via SNTP server or manually Switch Clustering Configures management of multiple devices via a single IP address Table 5 6 System Management Commands 5 5 1 Device Designation Commands Command Function Mode hostname ...

Page 356: ... displayed by the banner GC banner configureequipment info Configures Equipment information displayed by the banner GC banner configureequipment location Configures Equipment Location information displayed by thebanner GC banner configureip lan Configures IP and LAN information displayed by the banner GC banner configurelp number Configures LP Number information displayed by the banner GC banner c...

Page 357: ...e company command Example Console config banner configure Company ABC Co Responsible department R D Dept Name and telephone to Contact the management people Manager1 name Sr Network Admin phone number 123 555 1212 Manager2 name Jr Network Admin phone number 123 555 1213 Manager3 name Night shift Net Admin Janitor phone number 123 555 1214 The physical location of the equipment City and street addr...

Page 358: ...or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example Console config banner configure company ABC Co Console config banner configure dc power info This command is use to configure DC power information displayed in the banner Use the no form to restore the default setting Syntax banner configure dc power info floor floor id row row ...

Page 359: ...Use the no form to restore the default setting Syntax banner configure department dept name no banner configure company dept name The name of the department Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces The banner configure department command interprets spaces as data input boundaries The use of underscores _ o...

Page 360: ...ipment info command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example Console config banner configure equipment info manufacturer id switch35 floor 3 row 10 rack 15 shelf rack 12 manufacturer ABC Co Console config banner configure equipment location This comman...

Page 361: ...mask The IP address and subnet mask of the device Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage Inpu strings cannot contain spaces The banner configure ip lan command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity ...

Page 362: ...er info name mgr1 name phone number mgr1 number name2 mgr2 name phone number mgr2 number name3 mgr3 name phone number mgr3 number no banner configure manager info name1 name2 name3 mgr1 name The name of the first manager mgr1 number The phone number of the first manager mgr2 name The name of the second manager mgr2 number The phone number of the second manager mgr3 name The name of the third manag...

Page 363: ...t strings cannot contain spaces The banner configure mux command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example Console config banner configure mux telco 8734212kx_PVC 1 23 Console config banner configure note This command is used to configure the note displ...

Page 364: ...ed Console config show banner This command displays all banner information Command Mode Normal Exec Privileged Exec Example Console show banner ABC Co WARNING MONITORED ACTIONS AND ACCESSES R D_Dept Albert_Einstein 123 555 1212 Steve 123 555 9876 Lamar 123 555 3322 Station s information 710_Network_Path Indianapolis ABC Co switch35 Floor Row Rack Sub Rack 7 10 15 6 DC power supply Power Source A F...

Page 365: ...ed in non volatile memory that is used to start up the system Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the c...

Page 366: ...te rate 1000 level 5 snmp server community public ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca snmp server community public ro snmp server community private rw no logging...

Page 367: ...figuration information currently in use Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show startup config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode comm...

Page 368: ...ample Console show running config building startup config please wait stackingDB 00 stackingDB stackingMac 01_00 30 4f 10 22 bc_01 stackingMac phymap 00 30 4f 10 22 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 broadcast byte rate 1000 level 5 no dot1q tunnel system tunnel control SNMP server community public ro SNMP server community private rw username admin access level 15 username admin password 7 21232f...

Page 369: ...itchport allowed vlan add 4093 tagged interface VLAN 1 IP address DHCP line console line vty end Console Related Commands show startup config show system This command displays system information Command Mode Normal Exec Privileged Exec Command Usage For a description of the items shown by this command refer to Displaying System Information on page 3 12 The POST results should all display PASS If a...

Page 370: ...rver Enabled Web Secure Server Port 443 Telnet Server Enable Telnet Server Port 23 Jumbo Frame Disabled POST Result DUMMY Test 1 PASS UART Loopback Test PASS DRAM Test PASS Switch Int Loopback Test PASS Done All Pass Console show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client Command Mode Normal Exec Privileged Exec Command Usage Th...

Page 371: ...emote IP addr Username Idle time h m s 1 HTTP 192 168 1 19 admin 0 00 00 Console show version This command displays hardware and software version information for the system Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 14 for detailed information on the items displayed by this command Example Console show version Serial Number 001...

Page 372: ...s by supporting jumbo frames up to 9216 bytes Compared to standard Ethernet frames that run only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields T To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all...

Page 373: ...up configuration file can be specified as the destination file to directly replace it Note that the file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the switch Command Function Mode copy Copies a code image or a switch configuration to or from flash memory or a TFTP server PE delete Deletes a file or code image PE dir Displays a list of file...

Page 374: ... operation code files The maximum number of user defined configuration files depends on available memory You can use Factory_Default_Config cfg as the source to copy from the factory default configuration file but you cannot use it as the destination To replace the startup configuration you must use startup config as the destination The Boot ROM and Loader cannot be uploaded or downloaded from the...

Page 375: ...FLASH Programming Write to FLASH finish Success Console The following example shows how to download a configuration file Console copy tftp startup config TFTP server ip address 10 1 0 99 Source configuration file name startup 01 Startup configuration file name startup Write to FLASH Programming Write to FLASH finish Success Console This example shows how to copy a secure site certificate from an T...

Page 376: ...192 168 1 19 Choose public key type 1 RSA 2 DSA 1 2 1 Source file name steve pub Username steve TFTP Download Success Write to FLASH Programming Success Console delete This command deletes a file or image Syntax delete filename filename Name of the configuration file or image name Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be delete...

Page 377: ...nd Usage If you enter the command dir without any parameters the system displays all files File information is shown below Command Group Description file name The name of the file file type File types Boot Rom Operation Code and Config file startup Shows if this file is used when the system is started size The length of the file in bytes Table 5 12 File Directory Information Example The following ...

Page 378: ...y this command Console whichboot File name File type Startup Size byte align Unit1 SGSD 1022_DIAG_V0011 bix Boot Rom Image Y 305424 SGSD 1022_RUNTIME_V0035_m bix Operation Code Y 3018936 startup1 cfg Config File Y 4648 Console boot system This command specifies the image used to start up the system Syntax boot system boot rom config opcode filename The type of file or image to set as a default inc...

Page 379: ...ne Identifies a specific line for configuration and starts the lineconfiguration mode GC login Enables password checking at login LC password Specifies a password on a line LC timeout login response Sets the interval that the system waits for a user to log into the CLI LC exec timeout Sets the interval that the command interpreter waits until userinput is detected LC password thresh Sets the passw...

Page 380: ...e terminal line vty Virtual terminal for remote console access i e Telnet Default Setting There is no default line Command Mode Global Configuration Command Usage Telnet is considered a virtual terminal connection and will be shown as VTY in screen displays such as show users However the serial communication parameters e g databits do not affect Telnet or SSH connections Example To enter console l...

Page 381: ...thentication When using this method the management interface starts in Normal Exec NE mode This command controls login authentication via the switch itself To configure user names and passwords for remote authentication servers you must use the RADIUS or TACACS software installed on those servers Example Console config line login local Console config line Related Commands username password passwor...

Page 382: ...e This command sets the interval that the system waits for a user to log into the CLI Use the no form to restore the default Syntax timeout login response seconds no timeout login response seconds Integer that specifies the timeout interval Range 0 300 seconds 0 disabled Default Setting CLI Disabled 0 seconds Telnet 600 seconds Command Mode Line Configuration Command Usage If a login attempt is no...

Page 383: ...erwise the session is terminated This command applies to both the local console and Telnet connections The timeout for Telnet cannot be disabled Using the command without specifying a timeout restores the default setting Example To set the timeout to two minutes enter this command Console config line exec timeout 120 Console config line Related Commands silent time timeout login response password ...

Page 384: ... Related Commands silent time timeout login response silent time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password thresh command Use the no form to remove the silent time value Syntax silent time seconds no silent time seconds The number of seconds to disable console response Range ...

Page 385: ...haracter If no parity is required specify 8 data bits per character Example To specify 7 data bits enter this command Console config line databits 7 Console config line Related Commands parity parity This command defines the generation of a parity bit Use the no form to restore the default setting Syntax parity none even odd no parity none No parity even Even parity odd Odd parit Default Setting N...

Page 386: ...tch the baud rate of the device connected to the serial port Some baud rates available on devices connected to the port might not be supported The system indicates if the speed you selected is not supported Example To specify 57600 bps enter this command Console config line speed 19200 Console config line stopbits This command sets the number of the stop bits transmitted per byte Use the no form t...

Page 387: ...ct the console connection Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection Example Console disconnect 1 Console Related Commands show ssh show users show line This command displays the terminal line s parameters Syntax show line console vty console Console terminal line vty Virtual terminal for remote console access i e Telnet Default Setting Shows...

Page 388: ... logging on Controls logging of error messages GC logging history Limits syslog messages saved to switch memory based on severity GC logging host Adds a syslog server host IP address that will receive logging messages GC logging facility Sets the facility type for remote logging of syslog messages GC logging trap Limits syslog messages saved to a remote server based on severity GC clear log Clears...

Page 389: ... severity The no form returns the logging of syslog messages to the default level Syntax logging history flash ram level no logging history flash ram flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset level One of the levels listed below Messages sent include the selected level down to level 0 Range 0 7 Table ...

Page 390: ...han that specified for RAM Example Console config logging history ram 0 Console config logging host This command adds a syslog server host IP address that will receive logging messages Use the no form to remove a syslog server host Syntax no logging host host_ip_address host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Command Usage Use this c...

Page 391: ... messages in the corresponding database Example Console config logging facility 19 Console config logging trap This command enables the logging of system messages to a remote server or limits the syslog messages saved to a remote server based on severity Use this command without a specified level to enable remote logging Use the no form to disable remote logging Syntax logging trap level no loggin...

Page 392: ...rivileged Exec Example Console clear log Console Related Commands show logging show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or to a remote syslog server Syntax show logging flash ram sendmail trap flash Displays settings for storing event messages in flash memory i e permanent memory ram Displays settings for sto...

Page 393: ...ash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command The following example displays settings for the trap function Console show logging trap Sys...

Page 394: ...ess of syslog servers as specified in the logging host command Related Commands show logging sendmail show log This command displays the system and event messages stored in memory Syntax show log flash ram login flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset login Shows the login record only Default Settin...

Page 395: ...ables SMTP event handling GC show logging sendmail Displays SMTP event handler settings NE PE Table 4 18 SMTP Alert Commands logging sendmail host This command specifies SMTP servers that will be sent alert messages Use the no form to remove an SMTP server Syntax no logging sendmail host ip_address ip_address IP address of an SMTP server that will be sent alert messages for event handling Default ...

Page 396: ...ssages sent include the selected level down to level 0 Range 0 7 Default 7 Default Setting Level 7 Command Mode Global Configuration Command Usage The specified level indicates an event threshold All events at this level or higher will be sent to the configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for ...

Page 397: ...ipients of alert messages Use the no form to remove a recipient Syntax no logging sendmail destination email email address email address The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient...

Page 398: ... Console 5 9 Time Commands The system clock can be dynamically set by polling a set of specified time servers NTP or SNTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries If the clock is not set the switch will only record the time from the factory default set at the last bootup Command Function Mode sntp client Accepts time f...

Page 399: ...s is used to record accurate dates and times for log events Without SNTP the switch only records the time starting from the factory default set at the last bootup i e 00 00 00 Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Console config s...

Page 400: ...will poll for time updates when set to SNTP client mode The client will poll the time servers in the order specified until a response is received It issues time synchronization requests based on the interval set via the sntp poll command Example Console config sntp server 10 1 0 19 Console config Related Commands sntp client sntp poll show sntp sntp poll This command sets the interval between send...

Page 401: ...TP mode i e unicast Example Console show sntp Current time Dec 23 05 13 28 2002 Poll interval 16 Current mode unicast SNTP status Enabled SNTP server 137 92 140 80 0 0 0 0 0 0 0 0 Current server 137 92 140 80 Console clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually ...

Page 402: ...TC Console config Related Commands show sntp calendar set This command sets the system clock It may be used if there is no time server on your network or if you have not configured the switch to receive signals from a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1...

Page 403: ...cluster member Sets Candidate switches as cluster members GC rcommand Provides configuration access to Member switches GC show cluster Displays the switch clustering status PE show cluster members Displays current cluster Members PE show cluster candidates Displays current cluster Candidates in the network PE Table 5 20 Switch Cluster Commands Using Switch Clustering A switch cluster has a primary...

Page 404: ...a Cluster Commander Set a Cluster IP Pool that does not conflict with any other IP subnets in the network Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Cluster switches are limited to the same Ethernet broadcast domain There can be up to 100 candidates and 36 member switches in one cluster A switch ca...

Page 405: ...ddress for IP addresses assigned to cluster Members The IP address must start 10 x x x Default Setting 10 254 254 1 Command Mode Global Configuration Command Usage An internal IP address pool is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only the base IP address of the pool needs to be set since Member IDs can only b...

Page 406: ...ess 00 12 34 56 78 9a id 5 Console config rcommand This command provides access to a cluster Member CLI for configuration Syntax rcommand id member id member id The ID number of the Member switch Range 1 36 Command Mode Privileged Exec Command Usage This command only operates through a Telnet connection to the Commander switch Managing cluster Members using the local console CLI on the Commander i...

Page 407: ...es 2 Console show cluster members This command shows the current switch cluster members Command Mode Privileged Exec Example Console show cluster members Cluster Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 30 4f 28 40 c0 Description 24 48 L2 L4 IPV4 IPV6 GE Switch Console show cluster candidates This command shows the discovered Candidate switches in the network Command ...

Page 408: ...vel i e authentication and privacy and then assign SNMP users to these groups along with their specific authentication and privacy passwords Command Function Mode snmp server Enables the SNMPv3 server GC show snmp Displays the status of SNMP communications NE PE snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contac...

Page 409: ...onfig show snmp This command can be used to check the status of SNMP communications Default Setting None Command Mode Normal Exec Privileged Exec Command Usage This command provides information on the community access strings counter information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command Example Console s...

Page 410: ... SNMP v1 and v2c community access string Use the no form to remove the specified community string Syntax snmp server community string ro rw no snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are o...

Page 411: ...ng String that describes the system contact information Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp server contact Paul Console config Related Commands snmp server location snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp serve...

Page 412: ...to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default 1500 centiseconds community string Password like community string sent with the notification operation to SNMP V1 and V2c hosts Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to...

Page 413: ... the SNMP agent page 4 68 Allow the switch to send SNMP traps i e notifications page 4 74 Specify the target host that will receive inform messages with the snmp server host command as described in this section Create a view with the required notification messages page 4 77 Create a group that includes the required notify view page 4 79 To send an inform to a SNMPv3 host complete these steps Enabl...

Page 414: ... In order to configure this device to send SNMP notifications you must enter at least one snmp server enable traps command If you enter the command with no keywords both authentication and link up down notifications are enabled If you enter the command with a keyword only the notification type related to that keyword is enabled The snmp server enable traps command is used in conjunction with the s...

Page 415: ... ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A remote engine ID is required when using SNMPv3 informs See snmp server host on page 4 72 The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized using the eng...

Page 416: ...address IP address of the device containing the corresponding remote SNMP engine snmp server view This command adds an SNMP view which controls user access to the MIB Use the no form to remove an SNMP view Syntax snmp server view view name oid tree included excluded no snmp server view view name view name Name of an SNMP view Range 1 64 characters oid tree Object identifier of a branch within the ...

Page 417: ...nfig snmp server view ifEntry 2 1 3 6 1 2 1 2 2 1 2 included Console config This view includes the MIB 2 interfaces table and the mask selects all index entries Console config snmp server view ifEntry a 1 3 6 1 2 1 2 2 1 1 included Console config show snmp view This command shows information on the SNMP views Command Mode Privileged Exec Example Console show snmp view View Name mib 2 Subtree OID 1...

Page 418: ...3 39 for further information about these authentication and encryption options readview Defines the view for read access 1 64 characters writeview Defines the view for write access 1 64 characters notifyview Defines the view for notifications 1 64 characters Default Setting Default groups public19 read only private20 read write readview Every object belonging to the Internet OID space 1 3 6 1 writ...

Page 419: ...d SNMPv2c read only access and read write access Command Mode Privileged Exec Example Console show snmp group Group Name r d Security Model v3 Read View defaultview Write View daily Notify View none Storage Type permanent Row Status active Group Name public Security Model v1 Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Mo...

Page 420: ...e SNMP version readview The associated read view writeview The associated write view notifyview The associated notify view storage type The storage type for this entry Row Status The row status of this entry snmp server user This command adds a user to an SNMP group restricting the user to a specific SNMP Read Write or Notify View Use the no form to remove a user from an SNMP group Syntax snmp ser...

Page 421: ...rom the password You should therefore configure the engine ID with the snmp server engine id command before using this configuration command Before you configure a remote user use the snmp server engine id command page 4 75 to specify the engine ID for the remote device where the user resides Then use the snmp server user command to specify the user and the IP address for the remote device where t...

Page 422: ...EngineId 80000000030004e2b316c54321 User Name mark Authentication Protocol mdt Privacy Protocol des56 Storage Type nonvolatile Row Status active Console Field Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage Typ...

Page 423: ...ific ports using 802 1X Management IP Filter Configures IP addresses that are allowed management access Table 5 26 Authentication Commands 5 12 1 User Account Commands The basic commands required for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 39 user authentication via a remote authenticat...

Page 424: ...mmand Mode Global Configuration Command Usage The encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This Example shows how to set the access level an...

Page 425: ...sword is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Console config enable password level 15 0 admin Console config Related Commands enable authentication enable 5 1...

Page 426: ...lege level for each user name and password pair The user name password and privilege level must be configured on the authentication server You can specify three authentication methods in a single command to indicate the authentication sequence For Example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is ...

Page 427: ...e For example if you enter authentication enable radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is checked Example Console config authentication enable radius Console config Related Commands enable ...

Page 428: ...pecify up to five servers These servers are queried in sequence until a server responds or the retransmit period expires host_ip_address IP address of server auth_port RADIUS server UDP port used for authentication messages Range 1 65535 acct_port RADIUS server UDP port used for accounting messages Range 1 65535 timeout Number of seconds the switch waits for a reply before resending a request Rang...

Page 429: ...adius server acct port This command sets the RADIUS server port used for accounting messages Use the no form to restore the default Syntax radius server acct port port_number no radius server acct port port_number RADIUS server UDP port used for accounting messages Range 1 65535 Default Setting 1813 Command Mode Global Configuration Example Console config radius server acct port 8181 Console confi...

Page 430: ...Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Console config radius server retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeou...

Page 431: ...er Default Setting None Command Mode Privileged Exec Example Console show radius server Global Settings Communication Key with RADIUS Server Auth Port 1812 Acct port 1813 Retransmit Times 2 Request Timeout 5 Server 1 Server IP Address 10 1 2 3 Communication Key with RADIUS Server Auth Port 1812 Acct port 1813 Retransmit Times 2 Request Timeout 5 Radius server group Group Name Member Index radius 1...

Page 432: ...g an authentication request GC show tacacs server Shows the current TACACS settings GC Table 5 31 TACACS Commands tacacs server host This command specifies TACACS servers and parameters Use the no form to restore the default Syntax no tacacs server index host host_ip_address port port_number timeout timeout retransmit retransmit key key index Specifies the index number of the server Range 1 host_i...

Page 433: ...entication messages Range 1 65535 Default Setting 49 Command Mode Global Configuration Example Console config tacacs server port 181 Console config tacacs server key This command sets the TACACS encryption key Use the no form to restore the default Syntax tacacs server key key_string no tacacs server key key_string Encryption key used to authenticate logon access for the client Do not use blank sp...

Page 434: ...0 Default Setting 2 Command Mode Global Configuration Example Console config tacacs server retransmit 5 Console config tacacs server timeout This command sets the interval between transmitting authentication requests to the TACACS server Use the no form to restore the default Syntax tacacs server timeout number_of_seconds no tacacs server timeout number_of_seconds Number of seconds the switch wait...

Page 435: ...rivileged Exec Example Console show tacacs server Remote TACACS server configuration Global Settings Communication Key with TACACS Server Server Port Number 49 Retransmit Times 2 Request Times 5 Server 1 Server IP address 1 2 3 4 Communication key with TACACS server Server port number 49 Retransmit Times 2 Request Times 5 Tacacs server group Group Name Member Index tacacs 1 Console ...

Page 436: ...to an interface for 802 1X service requests IC accounting exec Applies an accounting method to local console Telnet orSSH connections Line accounting commands Applies an accounting method to CLI commands entered by a user Line aaa authorization exec Enables authorization of Exec sessions GC authorization exec Applies an authorization method to local console Telnet orSSH connections Line show accou...

Page 437: ...ying the index for a TACACS server that server index must already be defined by the tacacs server host command see page 4 93 Example Specify the group name for a list of RADIUS servers and then specify the server to add to the group Console config aaa group server radius tps Console config sg radius server 10 2 68 120 Console config sg radius aaa accounting dot1x This command enables the accountin...

Page 438: ...unting dot1x default start stop group radius Console config aaa accounting exec This command enables the accounting of requested Exec services for network connections Use the no form to disable the accounting service Syntax aaa accounting exec default method name start stop group radius tacacs server group no aaa accounting exec default method name default Specifies the default accounting method f...

Page 439: ...l default method name level The privilege level for executed commands Range 0 15 default Specifies the default accounting method for service requests method name Specifies an accounting method for service requests Range 1 255 characters start stop Records accounting from starting point and stopping point group Specifies the server group to use tacacs Specifies all TACACS hosts configure with the t...

Page 440: ... Command Usage When accounting updates are enabled the switch issues periodic interim accounting records for all users on the system Using the command without specifying an interim interval enables updates but does not change the current interval setting Example Console config aaa accounting update periodic 30 Console config accounting dot1x This command applies an accounting method for 802 1X ser...

Page 441: ...st name no accounting exec default Specifies the default method list created with the aaa accounting exec command page 4 99 list name Specifies a method list created with the aaa accounting exec command Default Setting None Command Mode Line Configuration Example Console config line console Console config line accounting exec tps Console config line exit Console config line vty Console config line...

Page 442: ... authorization exec default method name default Specifies the default authorization method for Exec access method name Specifies an authorization method for Exec access Range 1 255 characters group Specifies the server group to use tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 93 server group Specifies the name of a server group configured with...

Page 443: ...list created with the aaa authorization exec command Default Setting None Command Mode Line Configuration Example Console config line console Console config line authorization exec tps Console config line exit Console config line vty Console config line authorization exec default Console config line show accounting This command displays the current accounting settings per function and per port Syn...

Page 444: ...specifiable username interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 Default Setting None Command Mode Privileged Exec Example Console show accounting Accounting type dot1x Method list default Group list radius Interface Method list tps Group list radius Interface eth 1 2 Accounting type Exec Method list default Group list radius Interface vty Console ...

Page 445: ... http secure port Specifies the UDP port number for HTTPS GC Table 5 33 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface Use the no form to use the default port Syntax ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Ex...

Page 446: ...PS servers to use the same UDP port If you enable HTTPS you must indicate this in the URL that you specify in your browser https device port_number When you start HTTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server genera...

Page 447: ... Commands ip http secure port copy tftp https certificate ip http secure port This command specifies the UDP port number used for HTTPS SSL connection to the switch s web interface Use the no form to restore the default port Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration C...

Page 448: ...mmand allows this device to be monitored or configured from Telnet It also specifies the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port used by the Telnet interface port number The TCP port num...

Page 449: ...ey Saves the host key from RAM to flash memory PE disconnect Terminates a line connection PE show ip ssh Displays the status of the SSH server and the configured valuesfor authentication timeout and retries PE show ssh Displays the status of current SSH sessions PE show public key Shows the public key for the specified user or for the host PE show users Shows SSH users including privilege level an...

Page 450: ...locally on the switch via the User Accounts page as described The clients are subsequently authenticated using these keys The current firmware only accepts public key files based on standard UNIX format as shown in the following example for an RSA Version 1 key 1024 35 1341081685609893921040944920155425347631641921872958921143173880 05553616163105177594083868631109291232226828519254374603100937187...

Page 451: ...this means that the client s private key corresponds to an authorized public key and the client is authenticated Authenticating SSH v2 Clients a The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable b If the specified algorithm is supported by the switch it notifies the client to proceed with the authentication process Otherwise...

Page 452: ...ed Commands ip ssh crypto host key generate show ssh ip ssh timeout This command configures the timeout for the SSH server Use the no form to restore the default setting Syntax ip ssh timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interv...

Page 453: ...e is reset Range 1 5 Default Setting 3 Command Mode Global Configuration Example Console config ip ssh authentication retires 2 Console config Related Commands show ip ssh ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits ...

Page 454: ...tting Deletes both the DSA and RSA key Command Mode Privileged Exec Example Console delete public key admin dsa Console ip ssh crypto host key generate This command generates the host key pair i e public and private Syntax ip ssh crypto host key generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Ex...

Page 455: ... Console Related Commands ip ssh crypto zeroize ip ssh save host key ip ssh crypto zeroize This command clears the host key from memory i e RAM Syntax ip ssh crypto zeroize dsa rsa dsa DSA key type rsa RSA key type Default Setting Clears both the DSA and RSA key Command Mode Privileged Exec Command Usage This command clears the host key from volatile memory RAM Use the no ip ssh save host key comm...

Page 456: ...th the DSA and RSA key Command Mode Privileged Exec Example Console ip ssh save host key dsa Console Related Commands ip ssh crypto host key generate show ip ssh This command displays the connection settings used when authenticating client access to the SSH server Command Mode Privileged Exec Example Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3...

Page 457: ...er State The authentication negotiation state Values Negotiation Started Authentication Started Session Started Username The user name of the client Table 5 37 show ssh display description Field Description Encryption The encryption method is automatically negotiated between the client and server Options for SSHv1 5 include DES 3DES Options for SSHv2 0 can include different algorithms for the clie...

Page 458: ... SSH user Range 1 8 characters Default Setting Shows all public keys Command Mode Privileged Exec Command Usage If no parameters are entered all keys are displayed If the user keyword is entered but no user name is specified then the public keys for all users are displayed When an RSA key is displayed the first field indicates the size of the host key e g 1024 the second field is the encoded publi...

Page 459: ...anaged Switch supports IEEE 802 1X dot1x port based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication Client authentication is controlled centrally by a RADIUS server using EAP Extensible Authentication Protocol Command Function Mode dot1x system auth control Enables dot1x globally on the switch GC dot1x default Resets...

Page 460: ...ly on the switch Use the no form to restore the default Syntax no dotx system auth control Default Setting Disabled Command Mode Global Configuration Example Console config dot1x system auth control Console config dot1x default This command sets all configurable dot1x global and port settings to their default values Command Mode Global Configuration Example Console config dot1x default Console con...

Page 461: ...are not dot1x aware will be denied access force authorized Configures the port to grant access to all clients either dot1x aware or otherwise force unauthorized Configures the port to deny access to all clients either dot1x aware or otherwise Default force authorized Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x port control auto Console conf...

Page 462: ...to be granted network access Similarly a port can become unauthorized for all hosts if one attached host fails re authentication or sends an EAPOL logoff message Example Console config interface eth 1 2 Console config if dot1x operation mode multi host max count 10 Console config if dot1x re authenticate This command forces re authentication on all ports or a specific interface Syntax dot1x re aut...

Page 463: ... and the process is handled transparently by the dot1x client software Only if re authentication fails is the port blocked or the user assigned to the Guest VLAN see dot1x intrusion action on page 4 124 The connected client is re authenticated after the interval specified by the dot1x timeout re authperiod command The default is 3600 seconds Example Console config interface eth 1 2 Console config ...

Page 464: ...h a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of seconds Range 1 65535 Default 3600 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x timeout re authperiod 300 Console config if dot1x timeout tx period This command sets the time that an interface ...

Page 465: ...assign all traffic for the port to a guest VLAN Use the no form to reset the default Syntax dot1x intrusion action block traffic guest vlan no dot1x intrusion action block traffic Blocks traffic on this port guest vlan Assigns the user to the Guest VLAN Default block traffic Command Mode Interface Configuration Command Usage For guest VLAN assignment to be successful the VLAN must be configured an...

Page 466: ...port control mode Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication reauth period Time after which a connected client must be re authenticated quiet period Time a port waits after Max Request Count is exceeded before attempting to acquir...

Page 467: ...unt Number of times connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in the most recent EAP Success Failure or Request packet received from the Authentication Server Reauthenticat...

Page 468: ...alize 5 12 10 Management IP Filter Commands This section describes commands used to configure IP management access to the switch Command Function Mode management Configures IP addresses that are allowed management access GC show management Displays the switch to be monitored or configured from a browser PE Table 5 39 IP Filter Commands management This command specifies the client IP addresses that...

Page 469: ...not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This Example...

Page 470: ...e methods several other options of providing client security are described in this section These include port based authentication which can be configured to allow network client access by specifying a fixed set of MAC addresses The addresses assigned to DHCP clients can also be carefully controlled using static or dynamic bindings with the IP Source Guard and DHCP Snooping commands Table 4 40 Cli...

Page 471: ...er port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message Command Function Mode port security Configures a secure port IC mac address table static Maps a static address to a port in a VLAN GC show mac address table Displays entries in the bridge fo...

Page 472: ...olation it must be manually re enabled using the no shutdown command Example The following Example enables port security for port 5 and sets the response to a security violation to issue a trap message Console config interface ethernet 1 5 Console config if port security Console config if port security action trap Console config if Related Commands shutdown mac address table static show mac addres...

Page 473: ... form of this command to disable network access authentication Syntax no network access mode mac authentication Default Setting Disabled Command Mode Interface Configuration Command Usage When enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The username and password are both equal to the MAC address being authenticated...

Page 474: ...authenticated on a port via all forms of authentication Use the no form of this command to restore the default Syntax network access max mac count count no network access max mac count count The maximum number of authenticated MAC addresses allowed Range 1 to 2048 0 for unlimited Default Setting 2048 Command Mode Interface Configuration Command Usage The maximum number of MAC addresses per port is...

Page 475: ... authentication or MAC authentication Use the no form of this command to restore the default Syntax mac authentication max mac count count no mac authentication max mac count count The maximum number of 802 1X and MAC authenticated MAC addresses allowed Range 1 1024 Default Setting 1024 Command Mode Interface Configuration Example Console config if mac authentication max mac count 32 Console confi...

Page 476: ...ed addresses are cleared from the secure MAC address table Example The following Example enables dynamic VLAN assignment on port 1 Console config interface ethernet 1 1 Console config if network access dynamic vlan Console config if network access guest vlan Use this command to assign all traffic on a port to a guest VLAN when network access MAC authentication or 802 1X authentication is rejected ...

Page 477: ...plies to all ports When the reauthentication time expires for a secure MAC address it is reauthenticated with the RADIUS server During the reauthentication process traffic through the port remains unaffected Example Console config mac authentication reauth time 300 Console config clear network access Use this command to clear entries from the secure MAC addresses table Syntax clear network access ...

Page 478: ...face interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 26 Default Setting Displays the settings for all interfaces Command Mode Privileged Exec Client Security Commands Example Console show network access interface ethernet 1 1 Global secure port information Reauthentication Time 1800 Port 1 1 MAC Authentication Disabled MAC Authenticati...

Page 479: ...s is unit 1 port Port number Range 1 28 sort Sorts displayed entries by either MAC address or interface Default Setting Displays all filters Command Mode Privileged Exec Command Usage When using a bit mask to filter displayed MAC addresses a 1 means care and a 0 means don t care For Example a MAC of 00 00 01 02 03 04 and mask FF FF FF 00 00 00 would result in all MACs in the range 00 00 01 00 00 0...

Page 480: ... the limit for failed web authentication login attempts GC web auth quiet period Defines the amount of time to wait after the limit for failed login attempts is exceeded GC web auth session timeout Defines the amount of time a session remains valid GC web auth system auth control Enables web authentication globally for the switch GC web auth Enables web authentication for an interface IC web auth ...

Page 481: ...yntax web auth quiet period time no web auth quiet period time The amount of time the host must wait before attempting authentication again Range 1 180 seconds Default Setting 60 seconds Command Mode Global Configuration Example Console config web auth quiet period 120 Console config web auth session timeout This command defines the amount of time a web authentication session remains valid When th...

Page 482: ...abled Command Mode Global Configuration Command Usage Both web auth system auth control for the switch and web auth for an interface must be enabled for web authentication to be active Example Console config web auth system auth control Console config web auth This command enables web authentication for a port Use the no form to restore the default Syntax no web auth Default Setting Disabled Comma...

Page 483: ...nit port unit This is unit 1 port Port number Range 1 28 Default Setting None Command Mode Privileged Exec Example Console web auth re authenticate interface ethernet 1 2 Console web auth re authenticate IP This command ends the web authentication session associated with the designated IP address and forces the user to re authenticate Syntax web auth re authenticate interface interface ip interfac...

Page 484: ...etting None Command Mode Privileged Exec Example Console show web auth Global Web Auth Parameters System Auth Control Enabled Session Timeout 3600 Quiet Period 60 Max Login Attempts 3 Console show web auth interface This command displays interface specific web authentication parameters and statistics Syntax show web auth interface interface interface Specifies a port interface ethernet unit port u...

Page 485: ...Auth State Remaining Session Time 1 1 1 1 Authenticated 295 1 1 1 2 Authenticated 111 Console show web auth summary This command displays a summary of web authentication port parameters and statistics Syntax show web auth summary Default Setting None Command Mode Privileged Exec Example Console show web auth summary Global Web Auth Parameters System Auth Control Enabled Port Status Authenticated H...

Page 486: ...on GC show ip dhcp snooping Shows the DHCP snooping configuration settings PE show ip dhcp snoopingbinding Shows the DHCP snooping binding table entries PE Table 5 44 DHCP Snooping Commands ip dhcp snooping This command enables DHCP snooping globally Use the no form to restore the default setting Syntax no ip dhcp snooping Default Setting Disabled Command Mode Global Configuration Command Usage Ne...

Page 487: ...on is disabled as specified by the ip dhcp snooping verify mac address command page 4 150 However if MAC address verification is enabled then the packet will only be forwarded if the client s hardware address stored in the DHCP packet is the same as the source MAC address in the Ethernet header If the DHCP packet is not a recognizable type it is dropped If a DHCP packet from a client passes the fi...

Page 488: ...ommand page 4 149 When the DHCP snooping is globally disabled DHCP snooping can still be configured for specific VLANs but the changes will not take effect until DHCP snooping is globally re enabled When DHCP snooping is globally enabled configuration changes for specific VLANs have the following effects If DHCP snooping is disabled on a VLAN all dynamic bindings learned for this VLAN are removed ...

Page 489: ...e VLAN according to the default status or as specifically configured for an interface with the no ip dhcp snooping trust command When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Additional considerations when the switch itself is a DHCP client The port s through which it submits a client request to the DHCP server must...

Page 490: ...et other services or policies for clients When the DHCP Snooping Information Option is enabled the requesting client or an intermediate relay agent that has used the information fields to describe itself can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP server by the switch port to which they are connected rather than just their MAC ...

Page 491: ...client request and unicast the packet to the DHCP server replace Replace the Option 82 information in the client s request with information about the relay agent itself insert the relay agent s address when DHCP snooping is enabled and unicast the packet to the DHCP server Default Setting replace Command Mode Global Configuration Command Usage When the switch receives DHCP packets from clients tha...

Page 492: ...nding table entries Command Mode Privileged Exec Example Console show ip dhcp snooping binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console 5 13 5 IP Source Guard Commands IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table or static and ...

Page 493: ... Usage Source guard is used to filter traffic on an unsecure port which receives messages from outside the network or firewall and therefore may be subject to traffic attacks caused by a host trying to use the IP address of a neighbor Setting source guard mode to sip or sip mac enables this function on the selected port Use the sip option to check the VLAN ID source IP address and port number agai...

Page 494: ...uard binding or dynamic DHCP snooping binding the packet will be forwarded If IP source guard if enabled on an interface for which IP source bindings dynamically learned via DHCP snooping or manually configured are not yet configured the switch will drop all IP traffic on that port except for DHCP packets Example This Example enables IP source guard on port 5 Console config interface ethernet 1 5 ...

Page 495: ...to binding table using the type of static IP source guard binding If there is an entry with same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with same VLAN ID and MAC address and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type wi...

Page 496: ...ing MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console 5 14 Access Control List Commands Access Control Lists ACL provide packet filtering for IP frames based on address protocol or Layer 4 protocol port number or TCP control code or any frames based on MAC address or Ethernet type To filter packets first create an access list add the requi...

Page 497: ... EXT ACL show ip access list Displays the rules for configured IP ACLs PE ip access group Adds a port to an IP ACL IC show ip access group Shows port assignments for IP ACLs PE map access list ip Sets the CoS value and corresponding output queue for packets matching an ACL rule IC show map access list ip Shows CoS value mapped to an access list for an interface PE Table 5 47 IP ACL Commands access...

Page 498: ...the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits to match host Keyword followed by a specific IP address Default Setting None Command Mode Standard ACL Command Usage New rules are appended to the end of the list Address bitmasks are simil...

Page 499: ...nation port dport end no permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport end destination port dport end control flag control flag protocol number A specific protocol number Range 0 255 source Source IP address destination Destination IP address address bitmask Decimal number representing the a...

Page 500: ... syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer To define more than one control code set the equivalent binary bit to 1 to indicate the required codes For Example to set both SYN and ACK valid use control code 18 Example This Example accepts any incoming packets if the source address is within subnet 10 7 1 x For Example if the rule is matched i e the rule 10 7...

Page 501: ... access list ip show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Console show ip access list standard IP standard access list david permit host 10 1 1 21 ...

Page 502: ... Command Usage A port can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Console config int eth 1 25 Console config if ip access group david in Console config if Related Commands show ip access list show ip acc...

Page 503: ...ength 16 characters cos value CoS value Range 0 7 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you can map CoS values to the rule A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map Prio...

Page 504: ...e commands in this section configure ACLs based on hardware addresses packet format and Ethernet type To configure MAC ACLs first create an access list containing the required permit or deny rules and then bind the access list to one or more ports Command Function Mode access list mac Creates a MAC ACL and enters configuration mode GC permit deny Filters packets matching a specified source and des...

Page 505: ...d to add new rules to the bottom of the list To create an ACL you must add at least one rule to the list To remove a rule use the no permit or no deny command followed by the exact text of a previously configured rule An ACL can contain up to 100 rules Example Console config access list mac jerry Console config mac acl Related Commands permit deny mac access group show mac access list permit deny ...

Page 506: ...ss range with bitmask address bitmask22 Bitmask for MAC address in hexidecimal format cos value Class of Service value Range 0 7 vid VLAN ID Range 1 4094 vid bitmask22 VLAN bitmask Range 1 4095 protocol A specific Ethernet protocol number Range 0 ffff hex protocol bitmask22 Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL 22 For all bitmasks 1 means care and 0 means ign...

Page 507: ... of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Console show mac access list MAC access list jerry permit any 00 e0 29 94 34 de ethertype 0800 Console Related Commands permit deny mac access group mac access group This command binds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in out acl_name Name of the ACL Maximum length 16...

Page 508: ...cess group jerry in Console config if Related Commands show mac access list show mac access group This command shows the ports assigned to MAC ACLs Command Mode Privileged Exec Example Console show mac access group Interface ethernet 1 5 MAC access list M5 in Console Related Commands mac access group map access list mac This command sets the output queue for packets matching an ACL rule The specif...

Page 509: ...o one of the output queues as shown below Priority 1 2 0 3 4 5 6 7 Queue 0 1 2 3 Table 4 50 Egress Queue Priority Mapping Example Console config interface ethernet 1 2 Console config if map access list mac steve cos 0 Console config if Related Commands queue cos map show map access list mac show map access list mac This command shows the CoS value mapped to a MAC ACL for the current interface The ...

Page 510: ...Ls assigned to each port PE Table 5 51 ACL Information show access list This command shows all ACLs and associated rules Command Mode Privileged Exec Example Console show access list IP standard access list david permit host 10 1 1 21 permit 168 92 16 0 255 255 240 0 IP extended access list bob permit 10 7 1 1 255 255 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192...

Page 511: ...s are used to display or set communication parameters for an Ethernet port aggregated link or VLAN Command Function Mode interface Configures an interface type and enters interface configuration mode GC description Adds a description to an interface configuration IC speed duplex Configures the speed and duplex operation of a given interface when autonegotiation is disabled IC negotiation Enables a...

Page 512: ...of aninterface NE PE Table 4 52 Interface Commands interface This command configures an interface type and enters interface configuration mode Use the no form to remove a trunk Syntax interface interface no interface port channel channel id interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 vlan vlan id Range 1 4094 Default Setting N...

Page 513: ...half 10full 10half no speed duplex 1000full Forces 1000 Mbps full duplex operation 100full Forces 100 Mbps full duplex operation 100half Forces 100 Mbps half duplex operation 10full Forces 10 Mbps full duplex operation 10half Forces 10 Mbps half duplex operation 1000full operation cannot be forced The Gigabit Combo ports can only operate at 1000full when auto negotiation is enabled Default Setting...

Page 514: ...tiation capabilities negotiation This command enables autonegotiation for a given interface Use the no form to disable autonegotiation Syntax no negotiation Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage When auto negotiation is enabled the switch will negotiate the best settings for a link based on the capabilities command When auto negotiation is...

Page 515: ...eration flowcontrol Supports flow control symmetric Gigabit only When specified the port transmits and receives pause frames when not specified the port will auto negotiate to determine the sender and receiver for asymmetric pause frames The current switch ASIC only supports symmetric pause frames Default Setting 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 100...

Page 516: ...n enabled back pressure is used for half duplex operation and IEEE 802 3x for full duplex operation To force flow control on or off with the flowcontrol or no flowcontrol command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To ena...

Page 517: ...llows you to disable a port due to abnormal behavior e g excessive collisions and then reenable it after the problem has been resolved You may also want to disable a port for security reasons Example The following Example disables port 5 Console config interface ethernet 1 5 Console config if shutdown Console config if broadcast byte rate This command configures broadcast storm control threshold S...

Page 518: ...old at 500 Kbytes per second Console config broadcast byte rate 100 level 5 Console config switchport broadcast This command enables broadcast storm control on the specified interface Use the no form to disable broadcast storm control Syntax no switchport broadcast Default Setting Enabled for all ports Command Mode Interface Configuration Ethernet Command Usage This command enables or disables bro...

Page 519: ...to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset Example The following Example clears statistics on port 5 Console clear counters ethernet 1 5 Console show interfaces status This command displays the status for an interface Syntax show interfaces stat...

Page 520: ...0full 100half 100full Broadcast Storm Enabled Broadcast Storm Limit scale 1000K level 5 octets second Flow Control Disabled LACP Disabled Port Security Disabled Max MAC Count 0 Port Security Action None Current Status Link Status Up Port Operation Status Up Operation Speed duplex 100full Flow Control Type None Console show interfaces status vlan 1 Information of VLAN 1 MAC address 00 30 4F 12 34 5...

Page 521: ...ftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal mac transmit errors 0 Internal mac receive errors 0 Frame too longs 0 Carrier sense errors 0 Symbol errors 0 R...

Page 522: ...ified information on all interfaces is displayed Example This Example shows the configuration setting for port 2 Console show interfaces switchport ethernet 1 2 Information of Eth 1 2 Broadcast Threshold Enabled scale 1000K level 5 octets second LACP Status Disabled Ingress Rate Limit Disabled scale 10M level 1 Egress Rate Limit Disabled scale 10M level 1 VLAN Membership Mode Hybrid Ingress Rule E...

Page 523: ...ypes or tagged frames only Native VLAN Indicates the default Port VLAN ID Priority for UntaggedTraffic Indicates the default priority for untagged frames GVRP Status Shows if GARP VLAN Registration Protocol is enabled or disabled Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged Forbidden VLAN Shows the VLANs this interface can not dynamically...

Page 524: ...nfigures a port s LACP system priority IC Ethernet lacp admin key Configures a port s administration key IC Ethernet lacp admin key Configures an port channel s administration key IC Port Channel lacp port priority Configures a port s LACP port priority IC Ethernet Trunk Status Display Command show interfaces status port channel Shows trunk information NE PE show lacp Shows LACP information PE Tab...

Page 525: ...ACP port priority is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 12 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switches must...

Page 526: ...n standby mode and will only be enabled if one of the active links fails Example The following shows LACP enabled on ports 11 13 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that Trunk 1 has been established Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config int...

Page 527: ...ity is used to determine link aggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Command Mode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identi...

Page 528: ...mmand Usage Ports are only allowed to join the same LAG if 1 the LACP system priority matches 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interfa...

Page 529: ...ey matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 Example Console config inte...

Page 530: ...ies to its administrative state not its operational state and will only take effect the next time an aggregate link is established with the partner Example Console config interface ethernet 1 5 Console config if lacp actor port priority 128 show lacp This command displays LACP information Syntax show lacp port channel counters internal neighbors sysid port channel Local identifier for a link aggre...

Page 531: ...ker PDUs received by this channel group LACPDUs Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ethernet Type LACPDUs Illegal Pkts Number of frames that carry the Slow Protocols Ethernet Type value but contain a badly formed PDU...

Page 532: ...ting If false distribution of outgoing frames on this link is disabled i e distribution is currently disabled and is not expected to be enabled in the absence of administrative changes or changes in received protocol information Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative ch...

Page 533: ...ive value of the port number for the protocol Partner Partner OperPort Number Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for t...

Page 534: ...ription Channel group A link aggregation group configured on this switch System Priority LACP system priority for this channel group System MAC Address System MAC address Table 5 58 show lacp sysid display description The LACP system priority and system MAC address are concatenated to form the LAG system ID ...

Page 535: ... session is defined When enabled the default mirroring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a complet...

Page 536: ...wing shows mirroring configured from port 6 to port 11 Console config interface ethernet 1 11 Console config if port monitor ethernet 1 6 rx Console config if end Console show port monitor Port Mirroring Destination port listen port Eth1 11 Source port monitored port Eth1 6 Mode RX Console 5 18 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic rec...

Page 537: ...The traffic rate limit scale Options 1K 10K 100K 1M or 10M bytes per second level The traffic rate limit level Range 1 127 Default Setting Status Disabled Scale 10M bytes per second Level 1 Command Mode Interface Configuration Ethernet Command Usage The scale and level are multiplied by one another to set the rate limit For Example to limit port traffic to 500K bytes per second select the scale as...

Page 538: ...s interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 vlan id VLAN ID Range 1 4094 action delete on reset Assignment lasts until the switch is reset permanent Assignment is permanent Default Setting No static addresses are defined The default mode is permanent Command Mode Global Configuration Command Usage The static address for a ho...

Page 539: ...and Mode Privileged Exec Example Console clear mac address table dynamic Console show mac address table This command shows classes of entries in the bridge forwarding database Syntax show mac address table address mac address mask interface interface vlan vlan id sort address vlan interface mac address MAC address mask Bits to match in the address interface ethernet unit port unit Stack unit Range...

Page 540: ... ignore a bit For Example a mask of 00 00 00 00 00 00 means an exact match and a mask of FF FF FF FF FF FF means any The maximum number of address entries is 8191 Example Console show mac address table Interface Mac Address Vlan Type Eth 1 1 00 30 4F 94 34 de 1 Delete on reset Trunk 2 00 30 4F 8f aa 1b 1 Learned Console mac address table aging time This command sets the aging time for entries in t...

Page 541: ...ected interface Command Function Mode spanning tree Enables the spanning tree protocol GC spanning tree mode Configures STP RSTP or MSTP mode GC spanning tree forward time Configures the spanning tree bridge forward time GC spanning tree hello time Configures the spanning tree bridge hello time GC spanning tree max age Configures the spanning tree bridge maximum age GC spanning tree priority Confi...

Page 542: ...priority Configures the priority of an instance in the MST IC spanning tree protocol migration Re checks the appropriate BPDU format PE show spanning tree Shows spanning tree configuration for the common spanning tree i e overall bridge a selected interface oran instance within the multiple spanning tree PE show spanning tree mst configuration Shows the multiple spanning tree configuration PE Tabl...

Page 543: ...led to prevent network loops thus isolating group members When operating multiple VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits as described below STP Mode If the switch receives an 802 1D BPDU...

Page 544: ...ge 2 1 Default Setting 15 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds the root device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflict...

Page 545: ... seconds Range 6 40 seconds The minimum value is the higher of 6 or 2 x hello time 1 The maximum value is the lower of 40 or 2 x forward time 1 Default Setting 20 seconds Command Mode Global Configuration Command Usage This command sets the maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated por...

Page 546: ... port and designated port The device with the highest priority i e lower numeric value becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Example Console config spanning tree priority 40000 Console config spanning tree pathcost method This command configures the path cost method used for Rapid Spanning T...

Page 547: ...This command configures the minimum interval between the transmission of consecutive RSTP MSTP BPDUs Use the no form to restore the default Syntax spanning tree transmission limit count no spanning tree transmission limit count The transmission limit in seconds Range 1 10 Default Setting 3 Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs E...

Page 548: ... a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a new topology for the failed instance By default all VLANs are assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within th...

Page 549: ... Command Usage MST priority is used in selecting the root bridge and alternate bridge of the specified instance The device with the highest priority i e lowest numerical value becomes the MSTI root device However if all devices have the same priority the device with the lowest MAC address will then become the root device You can set this switch to act as the MSTI root device by specifying a priori...

Page 550: ...evision revision This command configures the revision number for this multiple spanning tree configuration of this switch Use the no form to restore the default Syntax revision number number Revision number of the spanning tree Range 0 65535 Default Setting 0 Command Mode MST Configuration Command Usage The MST region name page 4 209 and revision number are used to designate a unique MST region A ...

Page 551: ...ST that connects these instances use a hop count to specify the maximum number of bridges that will propagate a BPDU Each bridge decrements the hop count by one before passing on the BPDU When the hop count reaches zero the message is dropped Example Console config mstp max hops 30 Console config mstp spanning tree spanning disabled This command disables the spanning tree algorithm for the specifi...

Page 552: ...od Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half DuplexFull DuplexTrunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half DuplexFull DuplexTrunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full DuplexTrunk 4 3 10 000 5 000 Table 5 64 Recommended STA Path Cost Default Setting By default the system automatically detects the speed and duplex mode used on each port ...

Page 553: ...panning tree cost 50 Console config if spanning tree port priority This command configures the priority for the specified interface Use the no form to restore the default Syntax spanning tree port priority priority no spanning tree port priority priority The priority for a port Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage T...

Page 554: ...quicker convergence for devices such as workstations or servers retains the current forwarding database to reduce the amount of frame flooding required to rebuild address tables during reconfiguration events does not cause the spanning tree to initiate reconfiguration when the interface changes state and also overcomes other STA related timeout problems However remember that Edge Port should only ...

Page 555: ...nd of a bridged LAN or for an end node device This command is the same as spanning tree edge port and is only included for backward compatibility with earlier products Note that this command may be removed for future software versions Example Console config interface ethernet 1 5 Console config if bridge group 1 portfast Console config if Related Commands spanning tree edge port spanning tree link...

Page 556: ...ange 0 4094 no leading zeroes cost Path cost for an interface Range 0 for auto configuration 1 65535 for short path cost method24 1 200 000 000 for long path cost method The recommended path cost range is listed in Table 4 63 on page 4 211 The recommended path cost is listed in Table 4 64 on page 4 212 Default Setting By default the system automatically detects the speed and duplex mode used on ea...

Page 557: ... instance_id port priority priority no spanning tree mst instance_id port priority instance_id Instance identifier of the spanning tree Range 0 4094 no leading zeroes priority Priority for an interface Range 0 240 in steps of 16 Default Setting 128 Command Mode Interface Configuration Ethernet Port Channel Command Usage This command defines the priority for the use of an interface in the multiple ...

Page 558: ...omatically set the selected interface to forced STP compatible mode However you can also use the spanning tree protocol migration command at any time to manually re check the appropriate BPDU format to send on the selected interfaces i e RSTP or STP compatible Example Console spanning tree protocol migration eth 1 5 Console show spanning tree This command shows the configuration for the common spa...

Page 559: ...or a description of the items displayed under Spanning tree information see Configuring Global Settings on page 3 152 For a description of the items displayed for specific interfaces see Displaying Interface Settings on page 3 156 Example Console show spanning tree Spanning tree information Spanning tree mode MSTP Spanning tree enable disable enable Instance 0 Vlans configuration 1 4094 Priority 3...

Page 560: ... 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwarding disable Forward transitions 1 Admin edge port enable Oper edge port disable Admin Link type auto Oper Link type point to point Spanning Tree Status enable show spanning tree mst configuration This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree ...

Page 561: ...User s Manual of SGSD 1022 SGSD 1022P SGSW 2840 SGSW 2840P 561 0 1 3 4094 1 2 Console ...

Page 562: ...onfiguring Private VLANs Configures private VLANs including uplink and downlink ports Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol Configuring Voice VLANs Configures VoIP traffic detection and enables a Voice VLAN Table 5 66 VLAN Command Groups 5 21 1 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exch...

Page 563: ...o support VLANs which extend beyond the local switch Example Console config bridge ext gvrp Console config show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 172 and Displaying Bridge Extension Capabilities on page 3 16 for a description of the displayed i...

Page 564: ... Channel Example Console config interface ethernet 1 6 Console config if switchport gvrp Console config if show gvrp configuration This command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting Shows both global and interface specific configuration Com...

Page 565: ...veall 1000 centiseconds Command Mode Interface Configuration Ethernet Port Channel Command Usage Group Address Registration Protocol is used by GVRP and GMRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing...

Page 566: ... selected interface Syntax show garp timer interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec VLAN Commands Example Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 100 centiseconds Leave timer 60 centiseconds Leaveall ti...

Page 567: ...LANs After finishing configuration changes you can display the VLAN settings by entering the show vlan command Use the interface vlan Command Mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Console config vlan data...

Page 568: ...state returns the VLAN to the default state i e active You can configure up to 255 VLANs on the switch The switch allows 255 user manageable VLANs One other VLAN VLAN ID 4093 is reserved for switch clustering Example The following Example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Con...

Page 569: ...igure VLAN parameters for a physical interface Syntax interface vlan vlan id vlan id ID of the configured VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Global Configuration Example The following Example shows how to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 ...

Page 570: ... then set the switchport mode to hybrid Console config interface ethernet 1 1 Console config if switchport mode hybrid Console config if Related Commands switchport acceptable frame types switchport acceptable frame types This command configures the acceptable frame types for a port Use the no form to restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable ...

Page 571: ...will produce this error message Note Failed to ingress filtering on ethernet interface Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage Ingress filtering only affects tagged frames With ingress filtering enabled a port will discard received frames tagged for VLANs for it which it is not a member Ingress filtering does not affect VLAN independent BPDU...

Page 572: ...tchport mode is set to hybrid the PVID will be inserted into all untagged frames entering the ingress port Example The following example shows how to set the PVID for port 1 to VLAN 3 Console config interface ethernet 1 1 Console config if switchport native vlan 3 Console config if switchport allowed vlan This command configures VLAN groups on the selected interface Use the no form to restore the ...

Page 573: ... the VLAN is automatically removed from the forbidden list for that interface Example The following example shows how to add VLANs 1 2 5 and 6 to the allowed list as tagged VLANs for port 1 Console config interface ethernet 1 1 Console config if switchport allowed vlan add 1 2 5 6 tagged Console config if switchport forbidden vlan This command configures forbidden VLANs Use the no form to remove t...

Page 574: ...LAN interface NE PE show interfaces switchport Displays the administrative and operational status of an interface NE PE Table 5 70 Show VLAN Command show vlan This command shows VLAN information Syntax show vlan id vlan id name vlan name id Keyword to be followed by the VLAN ID vlan id ID of the configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name A...

Page 575: ...orts Port Channels Eth1 1 S Eth1 2 S Eth1 3 S Eth1 4 S Eth1 5 S Eth1 6 S Eth1 7 S Eth1 8 S Eth1 9 S Eth1 10 S Eth1 11 S Eth1 12 S Eth1 13 S Eth1 14 S Eth1 15 S Eth1 16 S Eth1 17 S Eth1 18 S Eth1 19 S Eth1 20 S Eth1 21 S Eth1 22 S Eth1 23 S Eth1 24 S Eth1 25 S Eth1 26 S Eth1 27 S Eth1 28 S Console ...

Page 576: ... 1 Configure the switch to QinQ mode dot1q tunnel system tunnel control 2 Create a SPVLAN vlan 3 Configure the QinQ tunnel access port to dot1Q tunnel access mode switchport dot1q tunnel mode 4 Set the Tag Protocol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethert...

Page 577: ...faces switchport switchport dot1q tunnel mode This command configures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switchport dot1q tunnel mode access uplink no switchport dot1q tunnel mode access Sets the port as an 802 1Q tunnel access port uplink Sets the port as an 802 1Q tunnel uplink port Default Setting Disabled Command Mode Interface Configurat...

Page 578: ...el tpid tpid Sets the ethertype value for 802 1Q encapsulation This identifier is used to select a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 Range 0800 FFFF hexadecimal Default Setting 0x8100 Command Mode Interface Configuration Ethernet Port Channel Command Usage Use the switchport dot1q tunnel tpid command to set a custom 802 1Q ethertyp...

Page 579: ...el control Console config interface ethernet 1 1 Console config if switchport dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport dot1q tunnel mode uplink Console config if end Console show dot1q tunnel Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x8100 The dot1q tunnel mode o...

Page 580: ...s commands used to configure private VLANs Command Function Mode Edit Private VLAN Groups private vlan Adds or deletes primary community or isolated VLANs VC private vlan association Associates a community VLAN with a primary VLAN VC Configure Private VLAN Interfaces switchport modeprivate vlan Sets an interface to host mode or promiscuous mode IC switchport private vlan host association Associate...

Page 581: ... A VLAN in which traffic is restricted to host members in the same VLAN and to promiscuous ports in the associate primary VLAN primary A VLAN which can contain one or more community VLANs and serves to channel traffic between community VLANs and other locations isolated Specifies an isolated VLAN Ports assigned to an isolated VLAN can only communicate with the promiscuous port within their own VLA...

Page 582: ...ault Setting None Command Mode VLAN Configuration Command Usage Secondary VLANs provide security for group members The associated primary VLAN provides a common interface for access to other network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the primary VLAN via promiscuous ports Example Console config vlan private vlan 2 association...

Page 583: ...ole config if switchport mode private vlan host Console config if switchport private vlan host association Use this command to associate an interface with a secondary VLAN Use the no form to remove this association Syntax switchport private vlan host association secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leadin...

Page 584: ...s port Example Console config interface ethernet 1 3 Console config if switchport private vlan isolated 3 Console config if switchport private vlan mapping Use this command to map an interface to a primary VLAN Use the no form to remove this mapping Syntax switchport private vlan mapping primary vlan id no switchport private vlan mapping primary vlan id ID of primary VLAN Range 1 4094 no leading z...

Page 585: ... primary VLAN and assigned host interfaces isolated Displays an isolated VLAN along with the assigned promiscuous interface and host interfaces The Primary and Secondary fields both display the isolated VLAN ID primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console show private vlan Primary Secondary ...

Page 586: ...Commands To configure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 226 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protocol vlan protocol gr...

Page 587: ...ich matching protocol traffic is forwarded Range 1 4094 Default Setting No protocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as the vlan command on page 4 226 these interfaces will admit tr...

Page 588: ...ax show protocol vlan protocol group group id group id Group identifier for a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This example shows many protocol groups configured for various protocol types and frame types Console show protocol vlan protocol group ProtocolGroup ID Frame Type Protocol Type 4 Ethernet 0B AD 8 Ethe...

Page 589: ...face interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 26 port channel channel id Range 1 12 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port Protoc...

Page 590: ...oice vlan Displays Voice VLAN settings PE Table 5 74 Voice VLAN Commands voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to disable the Voice VLAN Syntax voice vlan voice vlan id no voice vlan voice vlan id Specifies the voice VLAN ID Range 1 4094 Default Setting Disabled Command Mode Global Configuration Command Usage When IP telephony is deplo...

Page 591: ... Configuration Command Usage The Voice VLAN aging time is the time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on that port Example The following example configures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony li...

Page 592: ... devices with the same OUI the first three octets Other masks restrict the MAC address range Selecting FF FF FF FF FF FF specifies a single MAC address Example The following example adds a MAC OUI to the OUI Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN...

Page 593: ...d by the Organizationally Unique Identifier OUI of the source MAC address lldp Uses LLDP to discover VoIP devices attached to the port Default Setting OUI Enabled LLDP Disabled Command Mode Interface Configuration Command Usage When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list see the voice vlan mac address command MAC address OUI numbers must be configured...

Page 594: ...ed be sure the MAC address ranges for VoIP devices are configured in the Telephony OUI list voice vlan mac address Example The following example enables security filtering on port 1 Console config interface ethernet 1 1 Console config if switchport voice vlan security Console config if switchport voice vlan priority This command specifies a CoS priority for VoIP traffic on a port Use the no form t...

Page 595: ...mand Mode Privileged Exec Example Console show voice vlan status Global Voice VLAN Status Voice VLAN Status Enabled Voice VLAN ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Eth 1 1 Auto Enabled OUI 6 Eth 1 2 Disabled Disabled OUI 6 Eth 1 3 Manual Enabled OUI 5 Eth 1 4 Auto Enabled OUI 6 Eth 1 5 Disabled Disabled OUI 6 Eth 1 6 Disabled Disabled ...

Page 596: ...etails LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology Command Function Mode lldp Enables LLDP globally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC medFastStartCount Configures how many medFastStart packets are transmitte...

Page 597: ...t to advertise its link aggregation capabilities IC lldp dot3 tlv mac phy Configures an LLDP enabled port to advertise its MAC and physical layer specifications IC lldp dot3 tlv max frame Configures an LLDP enabled port to advertise its maximum frame size IC lldp dot3 tlv poe Configures an LLDP enabled port to advertise its Power over Ethernet capabilities IC lldp medtlv extpoe Configures an LLDP ...

Page 598: ...e Console config lldp Console config lldp holdtime multiplier This command configures the time to live TTL value sent in LLDP advertisements Use the no form to restore the Default Setting Syntax lldp holdtime multiplier value no lldp holdtime multiplier value Calculates the TTL in seconds based on holdtime multiplier refresh interval 65536 Range 2 10 Default Setting Holdtime multiplier 4 TTL 4 30 ...

Page 599: ...hanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integral to the rapid availability of Emergency Call Service Example Console config lldp medfaststartcount 6 Console config lldp notification interval This command configures the allowed interval for sending SNMP notifications about LLDP MIB changes Use the no form to restore the Default Setti...

Page 600: ...his command configures the periodic transmit interval for LLDP advertisements Use the no form to restore the Default Setting Syntax lldp refresh interval seconds no lldp refresh delay seconds Specifies the periodic interval at which LLDP advertisements are sent Range 5 32768 seconds Default Setting 30 seconds Command Mode Global Configuration Command Usage This attribute must comply with the follo...

Page 601: ...sion of advertisements initiated by a change in local LLDP MIB variables Use the no form to restore the Default Setting Syntax lldp tx delay seconds no lldp tx delay seconds Specifies the transmit delay Range 1 8192 seconds Default Setting 2 seconds Command Mode Global Configuration Command Usage The transmit delay is used to prevent a series of successive LLDP transmissions during a short period ...

Page 602: ...ansmission of SNMP trap notifications about LLDP changes Use the no form to disable LLDP notifications Syntax no lldp notification Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification interval command page 4 257 Trap notification...

Page 603: ...n interval command Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB the LLDP MED MIB ANSI TIA 1057 or oganization specific LLDP EXT DOT1 and LLDP EXT DOT3 MIBs SNMP trap destinations are defined using the snmp server host command Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes ...

Page 604: ...y MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated...

Page 605: ... whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Example Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advertise the system description Use the no form to disable this feature Syntax n...

Page 606: ...e system name is taken from the sysName object in RFC 3418 which contains the system s administratively assigned name and is in turn based on the hostname command page 4 16 Example Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configures an LLDP enabled port to advertise the supported protocols Use the no...

Page 607: ...ed and protocol based VLANs configured on this interface see Configuring VLAN Interfaces on page 4 227 and Configuring Protocol based VLANs on page 4 244 Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its default VLAN ID Use the no form to disable this feature ...

Page 608: ...VLANs to which this interface has been assigned See switchport allowed vlan on page 4 231 and protocol vlan protocol group Configuring Interfaces on page 4 245 Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation capabilities Use the no form to d...

Page 609: ...ac phy Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises MAC PHY configuration status which includes information about auto negotiation capabilities port speed and duplex mode Example Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command configures...

Page 610: ...and Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises Power over Ethernet capabilities including whether or not PoE is supported currently enabled if the port pins through which power is delivered can be controlled the port pins selected to deliver power and the power class Note that this device does not support PoE capabilities Example Console config interfac...

Page 611: ... 1 Console config if no lldp medtlv extpoe Console config if lldp medtlv inventory This command configures an LLDP MED enabled port to advertise its inventory identification details Use the no form to disable this feature Syntax no lldp medtlv inventory Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises device details useful for ...

Page 612: ...dp medtlv med cap This command configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities Use the no form to disable this feature Syntax no lldp medtlv med cap Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option advertises LLDP MED TLV capabilities allowing Media Endpoint and Connectivity Devices to efficiently d...

Page 613: ...very and diagnosis of VLAN configuration mismatches on a port Improper network policy configurations frequently result in voice quality degradation or complete service disruption Example Console config interface ethernet 1 1 Console config if lldp medtlv network policy Console config if show lldp config This command shows LLDP configuration settings for all ports Syntax show lldp config detail int...

Page 614: ...ue Eth 1 4 Tx Rx True Eth 1 5 Tx Rx True Console show lldp config detail ethernet 1 1 LLDP Port Configuration Detail Port Eth 1 1 Admin Status Tx Rx Notification Enabled True Basic TLVs Advertised port description system name system description system capabilities management ip address 802 1 specific TLVs Advertised port vid vlan name proto vlan proto ident 802 3 specific TLVs Advertised mac phy p...

Page 615: ...sis ID 00 01 02 03 04 05 System Name System Description PLANET 8 2G Managed Switch System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Type PortID PortDesc Eth 1 1 MAC Address 00 01 02 03 04 06 Ethernet Port on unit 1 port 1 Eth 1 2 MAC Address 00 01 02 03 04 07 Ethernet Port on unit 1 port 2 Eth 1 3 MAC ...

Page 616: ...show lldp info remote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show lldp info remote device detail ethernet 1 1 LLDP Remote Devices Information Detail Local PortName Eth 1 1 Chassis Type MAC Address Chassis Id 00 01 02 03 04 05 PortID Type MAC Address PortID 00 01 02 03 04 06 SysName SysDescr SGSD 1022 PortDescr E...

Page 617: ...tatistics Neighbor Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Interface NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 10 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 switch show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail P...

Page 618: ...is section describes commands used to configure Layer 2 traffic priority on the switch Command Function Mode queue mode Sets the queue mode to strict priority Weighted Round Robin WRR or hybrid GC switchport priority default Sets a port priority for incoming untagged frames IC queue bandwidth Assigns round robin weights to the priority queues GC queue cos map Assigns class of service values to the...

Page 619: ...t queue Thus a queue weighted 8 will be allowed to transmit up to 8 packets after which the next lower priority queue will be serviced according to it s weighting This prevents the head of line blocking that can occur with strict priority queuing When using hybrid priority queuing mode the switch employ strict priority queuing for the highest priority queue queue 3 before processing queues 2 throu...

Page 620: ...ve priority tags will be placed in queue 0 of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 Console config interface ethernet 1 3 Console config if switchport priority default 5 Console config if Related Comman...

Page 621: ...values that are mapped to the queue ID It is a space separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recomme...

Page 622: ...f Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 0 1 2 1 2 2 3 3 Console Related Commands show queue cos map show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example Console show queue mode Queue mode wrr Console show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues ...

Page 623: ...s the class of service priority map Syntax show queue cos map interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Example Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 1 0 0 1 2 2 3 3 Console ...

Page 624: ...ort Shows the IP port map PE show map ip precedence Shows the IP precedence map PE show map ip tos Shows the IP ToS map PE show map access list Shows CoS value mapped to an access list for an interface PE Table 5 79 Priority Commands Layer 3 and 4 map ip dscp This command enables and sets IP DSCP priority mapping i e Differentiated Services Code Point priority mapping Use the no form to restore th...

Page 625: ... 0 then enable the feature on the switch Console config map ip dscp 1 cos 0 Console config map ip dscp Console config map ip port Use this command to enable and set IP port priority mapping i e TCP UDP port priority mapping Use the no form to disable the feature or remove a settting Syntax map ip port port number cos cos queue no map ip port port number port number 16 bit TCP UDP port number Range...

Page 626: ...ow shows the default priority mapping IP Precedence Value 0 1 2 3 4 5 6 7 CoS Queue 0 0 1 1 2 2 3 3 Table 5 81 Mapping IP Precedence to CoS Queues Command Mode Global Configuration Command Usage The command map ip precedence enables the feature on the switch The command map ip precedence precedence value cos cos queue maps IP Precedence values to port CoS queues The precedence for priority mapping...

Page 627: ...sted Service Default CoS Output Queue 0 Normal service 0 1 Minimize monetary cost 0 2 Maximize reliability 1 4 Maximize throughput 2 8 Minimize delay 3 Table 5 82 Mapping IP TOS to CoS Queues Command Mode Global Configuration Command Usage The command map ip tos enables the feature on the switch The command map ip tos tos value cos cos queue maps IP TOS values to port CoS queues The precedence for...

Page 628: ...ault Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you can map a CoS queue to the rule Example Console config interface ethernet 1 2 Console config if map access list ip bill cos 0 Console config if map access list mac This command sets the output queue for packets matching a MAC ACL rule Use the no form to remove the CoS queue mapping Sy...

Page 629: ...Console config if map access list mac steve cos 0 Console config if show map ip dscp This command shows the IP DSCP priority map Syntax show map ip dscp Command Mode Privileged Exec Example Console show map ip dscp dscp Mapping Status Disabled DSCP COS 0 1 1 0 2 0 3 0 61 0 62 0 63 0 Console Related Commands map ip dscp show map ip port Use this command to show the IP port priority map Syntax ...

Page 630: ...ue 2 Console show map ip port TCP Port Mapping Status Disabled Port no COS 21 2 Console Related Commands map ip port show map ip precedence Use this command to show the IP precedence priority map Syntax show map ip precedence Command Mode Privileged Exec Example Console show map ip precedence Precedence Mapping Status Enabled Precedence COS 0 0 1 0 2 1 3 1 4 2 5 2 6 3 7 3 Console ...

Page 631: ... ip tos Use this command to show the IP ToS priority map Syntax show map ip tos Command Mode Privileged Exec Class of Service Commands Example Console show map ip tos tos Mapping Status Disabled TOS COS 0 0 1 0 2 1 3 0 4 2 5 0 6 0 7 0 8 3 9 0 10 0 11 0 12 0 13 0 14 0 15 0 Console Related Commands map ip tos ...

Page 632: ...You can classify traffic based on access lists IP Precedence or DSCP values or VLANs Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Command Function Mode class map Creates a class map for a type of traffic GC match Defines the criteria used to classify traffic CM policy map Creates a policy map for multiple interfaces GC class ...

Page 633: ... command to identify the class map and enter Policy Map Class configuration mode A policy map can contain multiple class statements 6 Use the set command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specifi...

Page 634: ...map rd_class match any Console config cmap match ip dscp 3 Console config cmap Related Commands show class map match This command defines the criteria used to classify traffic Use the no form to delete the matching criteria Syntax no match access list acl name acl name Name of the access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 ch...

Page 635: ...teria defined in a class map A policy map can contain multiple class statements that can be applied to the same interface with the service policy command You must create a Class Map before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming pa...

Page 636: ...Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any violating packets Console config policy map rd_...

Page 637: ...ied traffic Use the no form to remove a policer Syntax no police rate kbps burst byte exceed action drop rate kbps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower burst byte Burst in bytes Range 64 1522 bytes drop Drop packet when specified rate or burst are exceeded Default Setting Drop out of profile packets Command Mode Policy Map Class Configuration Com...

Page 638: ...and to the ingress queue of a particular interface Use the no form to remove the policy map from this interface Syntax no service policy input policy map name input Apply to the input traffic policy map name Name of the policy map for this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port Channel Command Usa...

Page 639: ...class map Class Map match any rd_class 1 Match ip dscp 3 Class Map match any rd_class 2 Match ip precedence 5 Class Map match any rd_class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map ...

Page 640: ... rd_class set ip dscp 3 Console show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Command Mode Privileged Exec Example Console show policy map interface ethernet 1 5 Service policy r...

Page 641: ...throttling Multicast VLAN Registration Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation for normal traffic Table 5 84 Multicast Filtering Commands 5 25 1 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch Command Function Mode ip igmp snooping En...

Page 642: ... static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 static...

Page 643: ...ping query interval and ip igmp snooping immediate leave Example The following configures the switch to use IGMP Version 1 Console config ip igmp snooping version 1 Console config ip igmp snooping leave proxy This command enables IGMP leave proxy on the switch Use the no form to disable the feature Syntax no ip igmp snooping leave proxy Default Setting Disabled Command Mode Global Configuration Co...

Page 644: ...rding traffic for that group only if no host replies to the query within the specified timeout period Note that the timeout period is determined by ip igmp snooping query max response time see 4 305 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interface if it is connected to only one IGMP en...

Page 645: ... on all VLAN IGMP snooping version Version 2 Console show mac address table multicast This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec ...

Page 646: ... response ti me Configures the report delay GC ip igmp snoopingrouter port expire time Configures the query timeout GC Table 5 86 IGMP Query Commands Layer 2 ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it Syntax no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage IGMP snooping querier is not ...

Page 647: ...t a client has not responded a countdown timer is started using the time defined by ip igmp snooping query maxresponse time If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Console config ip igmp snooping query count 10 Console config Related Commands i...

Page 648: ...mber of queries defined by the ip igmp snooping query count but a client has not responded a countdown timer is started using an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Console config ip igmp ...

Page 649: ...es commands used to configure static multicast routing on the switch Command Function Mode ip igmp snooping vlan mrouter Adds a multicast router port GC show ip igmp snooping mrouter Shows multicast router ports PE Table 5 87 Static Multicast Routing Commands ip igmp snooping vlan mrouter This command statically configures a multicast router port Use the no form to remove the configuration Syntax ...

Page 650: ... port within VLAN 1 Console config ip igmp snooping vlan 1 mrouter ethernet 1 11 Console config show ip igmp snooping mrouter This command displays information on statically configured and dynamically learned multicast router ports Syntax show ip igmp snooping mrouter vlan vlan id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Pri...

Page 651: ...the IGMP throttling action for an interface IC show ip igmp filter Displays the IGMP filtering status PE show ip igmp profile Displays IGMP profiles and settings PE show ip igmp throttle interface Displays the IGMP throttling setting for interfaces PE Table 5 88 IGMP Filtering and Throttling Commands ip igmp filter Global Configuration This command globally enables IGMP filtering and throttling on...

Page 652: ...P filter profile number Range 1 4294967295 Default Setting Disabled Command Mode Global Configuration Command Usage A profile defines the multicast groups that a subscriber is permitted or denied to join The same profile can be applied to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example Console config ip igmp ...

Page 653: ... Use the no form to delete addresses from a profile Syntax no range low ip address high ip address low ip address A valid IP address of a multicast group or start of a group range high ip address A valid IP address for the end of a multicast group range Default Setting None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast ad...

Page 654: ...e config if ip igmp max groups This command sets the IGMP throttling number for an interface on the switch Use the no form to restore the Default Setting Syntax ip igmp max groups number no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a ma...

Page 655: ...ult Setting Deny Command Mode Interface Configuration Command Usage When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Example Console confi...

Page 656: ... 1 Ethernet 1 1 information IGMP Profile 19 Deny range 239 1 1 1 239 1 1 1 range 239 2 3 1 239 2 3 100 Console show ip igmp profile This command displays IGMP filtering profiles created on the switch Syntax show ip igmp profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 Default Setting None Command Mode Privileged Exec Example Console show ip igmp profi...

Page 657: ...face interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces Multicast Filtering Commands Example Console show ip igmp throttle interface ethernet 1 1 Eth 1 1 Information Status TRUE Action D...

Page 658: ...e capability or configures an interface as a staticmember of the MVR VLAN IC show mvr Shows information about the global MVR configuration settings theinterfaces attached to the MVR VLAN or the multicast groups assignedto the MVR VLAN PE Table 5 89 Multicast VLAN Registration Commands mvr Global Configuration This command enables Multicast VLAN Registration MVR globally on the switch statically co...

Page 659: ...by the current MVR standard IGMP snooping and MVR share a maximum number of 255 groups Any multicast streams received in excess of this limitation will be flooded to all ports in the associated VLAN Example The following example enables MVR globally designates the MVR VLAN as VLAN 1 and configures a range of MVR group addresses Console config mvr Console config mvr vlan 1 Console config mvr group ...

Page 660: ...nooping or which have been statically assigned using the group keyword The IP address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave me...

Page 661: ...face keyword or the multicast groups assigned to the MVR VLAN using the members keyword Syntax show mvr interface interface members ip address interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 ip address IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default Setting Displays global configuration settings for M...

Page 662: ...r of multicast groups currently assigned to the MVR VLAN Table 5 90 show mvr display description The following displays information about the interfaces attached to the MVR VLAN Console show mvr interface Port Type Status Immediate Leave eth1 1 SOURCE ACTIVE UP Disable eth1 2 RECEIVER ACTIVE UP Disable eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INAC...

Page 663: ... 5 INACTIVE None 225 0 0 6 INACTIVE None 225 0 0 7 INACTIVE None 225 0 0 8 INACTIVE None 225 0 0 9 INACTIVE None 225 0 0 10 INACTIVE None Console Field Description MVR Group IP Multicast groups assigned to the MVR VLAN Status Shows whether or not the there are active subscribers for this multicast group Note that this field will also display INACTIVE if MVR is globally disabled Members Shows the i...

Page 664: ...Sends ICMP echo request packets to another node on thenetwork NE PE Table 5 93 IP Interface Commands ip address This command sets the IP address for the currently selected VLAN interface Use the no form to restore the default IP address Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host...

Page 665: ...omes the new management VLAN Example In the following example the device is assigned an address in VLAN 1 Console config interface vlan 1 Console config if ip address 192 168 1 5 255 255 255 0 Console config if Related Commands ip dhcp restart ip default gateway This command establishes a static route between this switch and devices that exist on another network segment Use the no form to remove t...

Page 666: ...e If the BOOTP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart Console show ip interface IP address and netmask 192 16...

Page 667: ...vileged Exec Example Console show ip redirects IP default gateway 10 1 0 254 Console Related Commands ip default gateway ping This command sends ICMP echo request packets to another node on the network Syntax ping host count count size size host IP address of the host count Number of packets to send Range 1 16 size Number of bytes in a packet Range 32 512 The actual packet size will be eight bytes...

Page 668: ...ble The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging IP Interface Commands Example Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10 ms r...

Page 669: ...ystem Description Layer2 Fast Ethernet Standalone Switch SGSD 1022 System OID String 1 3 6 1 4 1 259 6 10 103 System Information System Up Time 0 days 0 hours 57 minutes and 56 69 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC Address Unit1 00 30 4F 3F D2 4E Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enable Telnet...

Page 670: ... Loader Version 1 0 0 2 Boot ROM Version 0 0 1 1 Operation Code Version 0 0 3 5 Console Display Bridge Extension Capabilities Console show bridge ext Max Support VLAN Numbers 256 Max Support VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID Tagging Yes Local VLAN Capable No Traffic Classes Enabled Global GVRP Status Disabled ...

Page 671: ...these services Console config Console config interface vlan 1 Console config if ip address dhcp Console config if end Console config ip dhcp restart Console config show ip interface IP address and netmask 192 168 1 1 255 255 255 0 on VLAN 1 and address mode DHCP Console Sending Simple Mail Transfer Protocol Alerts Console config logging sendmail host 192 168 1 4 Console config logging sendmail lev...

Page 672: ...onsole show sntp Current time Jan 6 14 56 05 2004 Poll interval 60 Current mode unicast SNTP status Enabled SNTP server 10 1 0 19 137 82 140 80 128 250 36 2 Current server 128 250 36 2 Console Setting the Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude To display a time corresponding to...

Page 673: ...comes in then this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network n...

Page 674: ...ually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 10...

Page 675: ... Mid Span Mid Span device is placed between legacy switch and the powered device Mid Span is tap the unused wire pairs 4 5 and 7 8 to carry power the other four is for data transmit End Span End Span device is direct connecting with power device End Span could also tap the wire 1 2 and 3 6 PoE System Architecture The specification of PoE typically requires two devices the Powered Source Equipment ...

Page 676: ... Figure 2 Power Supplied over the Data Pins When to install PoE Consider the following scenarios You re planning to install the latest VoIP Phone system to minimize cabling building costs when your company moves into new offices next month The company staff has been clamoring for a wireless access point in the picnic area behind the building so they can work on their laptops through lunch but the ...

Page 677: ...d start up the PSE begins supplying the 48 VDC level to the PD till it is physically or electrically disconnected Upon disconnection voltage and power shut down Since the PSE is responsible for the PoE process timing it is the one generating the probing signals prior to operating the PD and monitoring the various scenarios that may occur during operation All probing is done using voltage induction...

Page 678: ...n rise in voltage reaching high frequencies would introduce noise on the data lines Once provision of power is initiated it is common for inrush current to be experienced at the PSE port due to the PD s input capacitance A PD must be designed to cease inrush current consumption of over 350 mA within 50 ms of power provision startup Operation During normal operation the PSE provides 44 57 VDC able ...

Page 679: ...he lower time boundary is important to prevent shutdown due to random fluctuations AC Disconnect This method is based on the fact that when a valid PD is connected to a port the AC impedance measured on its terminals is significantly lower than in the case of an open port disconnected PD AC Disconnect detection involves the induction of low AC signal in addition to the 48 VDC operating voltage The...

Page 680: ...olution Check the full duplex status of the Ethernet Switch If the Ethernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make ...

Page 681: ...s 10 100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assi...

Page 682: ...ge 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Straight Cable SIDE 1 SIDE2 SIDE 1 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White...

Page 683: ...P GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment such that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registration Protocol Group Attribute Registration Protocol See Generic Attribute Registration...

Page 684: ...one of the routers is elected querier and assumes the responsibility of keeping track of group membership IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to learn IP Multicast group members In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process ...

Page 685: ... data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobtrusively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Remote Monitoring RMON RMON provides comprehensiv...

Page 686: ...network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical work...

Page 687: ... 1995 A1 2001 A2 2005 Immunity EN 55024 1998 A1 2001 A2 2003 ESD IEC 61000 4 2 2001 RS IEC 61000 4 3 2002 EFT Burst IEC 61000 4 4 2004 Surge IEC 61000 4 5 2001 CS IEC 61000 4 6 2003 A1 2004 Magnetic Field IEC 61000 4 8 2001 Voltage Disp IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representative esta...

Page 688: ...61000 3 3 1995 A1 2001 A2 2005 Immunity EN 55024 1998 A1 2001 A2 2003 ESD IEC 61000 4 2 2001 RS IEC 61000 4 3 2002 EFT Burst IEC 61000 4 4 2004 Surge IEC 61000 4 5 2001 CS IEC 61000 4 6 2003 A1 2004 Magnetic Field IEC 61000 4 8 2001 Voltage Disp IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representa...

Reviews:

No comments